Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Verify keytab files
The contents of keytab file can be verified using either Unix/linux ktutil or klist commands or java ktab utility.
(1)
-bash-3.2$ ktutil
ktutil: rkt krba01.keytab
ktutil: list
slot KVNO Principal
---- ---- ------------------------------------------------------------------------------------------------
1 3 HTTP/krba01.incept.lab@INCEPT.LAB
2 3 service_krba01@INCEPT.LAB
(2)
-bash-3.2$ klist -k –t krba01.keytab
KVNO Timestamp Principal
---- ---------------- -----------------------------------------------------------
3 05/12/2013 15:25 HTTP/krba01.incept.lab@INCEPT.LAB
3 05/12/2013 15:25 service_krba01@INCEPT.LAB
(3)
To get encryption type of keys
-bash-3.2$ klist -k -e –t krba01.keytab
Keytab name: FILE:krba01.keytab
KVNO Principal
---- ---------------------------------------------------------------------------------
3 HTTP/krba01.incept.lab@INCEPT.LAB (ArcFour with HMAC/md5)
3 service_krba01@INCEPT.LAB (ArcFour with HMAC/md5)
(4)
Alternatively you can also use Klist or Ktab utility that comes with standard java.
C:\>java sun.security.krb5.internal.tools.Klist -k -t krba01.keytab
Key tab: krba01.keytab, 2 entries found.
[1] Service principal: HTTP/krba01.incept.lab@INCEPT.LAB
KVNO: 3
Time stamp: Dec 05, 2013 15:25
[2] Service principal: service_krba01@INCEPT.LAB
KVNO: 3
Time stamp: Dec 05, 2013 15:25
C:\>java sun.security.krb5.internal.tools.Ktab -l -e -t -k krba01.keytab
Keytab name: krba01.keytab
KVNO Timestamp Principal
---- --------------- ---------------------------------------------------------------------------
3 12/5/13 3:25 PM HTTP/krba01.incept.lab@INCEPT.LAB (23:RC4 with HMAC)
3 12/5/13 3:25 PM service_krba01@INCEPT.LAB (23:RC4 with HMAC)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment