Create a keytab using ktutil and j2cli Python package (useful for AD tied servers)

create-keytab.sh

#!/usr/bin/env bash

# Generate a keytab using ktutil
# Store keys encrypted with des3, aes128, aes256, arcfour and des

# $1 = keytab principal
# $2 = keytab realm
# $3 = keytab filename
# $4 = principal password ('-' to prompt for password)
# $5 = kvno

if [ "$#" -eq 5 ]; then
  if [ "$4" == "-" ]; then
    echo -n "Password: "
    read -s principal_password
  else
    principal_password="$4"
  fi

  echo ""
  cwd=$(dirname "$0")
  export principal="$1"
  export realm="$2"
  export filename="$3"
  export password="$principal_password"
  export kvno="$5"

  rm -f "$3"
  envsubst <"$cwd/ktutil-lines.txt" | ktutil
  chmod 400 "$3"
else
  echo "Wrong number of arguments"
  echo "Usage: create-keytab.sh <principal> <realm> <keytab_filename> <password> <kvno>"
fi

ktutil-lines.txt

add_entry -password -p ${principal}@${realm} -k ${kvno} -e des3-cbc-sha1
${password}
add_entry -password -p ${principal}@${realm} -k ${kvno} -e aes128-cts-hmac-sha1-96
${password}
add_entry -password -p ${principal}@${realm} -k ${kvno} -e aes256-cts-hmac-sha1-96
${password}
add_entry -password -p ${principal}@${realm} -k ${kvno} -e arcfour-hmac
${password}
write_kt ${filename}
exit