Creating a keytab file is straightforward.
If you are creating a keytab file for a user with a password you should use the ‘kutil’ program.
ktutil: add_entry -password -p principal -k knvo -e enctype
ktutil: write_kt keytabfile
principal is your principal, e.g., firstname.lastname@example.org or email@example.com for a more restricted principal
knvo is the key version number. 1 should be fine.
enctype is the encryption type. This is typically something like aes128-cts-hmac-sha1-96, des3-cbc-sha1, or arcfour-hmac. You should check with your system administrator to get the precise encryption types required. You can call this line multiple times, once for each encryption type.
keytabfile is your keytab file. It traditionally ends with the .keytab extension.
You can verify the new file with ‘klist -kt keytabfile’.
If you are creating a keytab file for a server you must use the ‘kadmin’ program.
If the server principal does not exist yet:
kadmin: add_principal principal
kadmin: ktadd -k keytabfile principal
If the server principal already exists:
kdamin: ktadd -k keytabfile -norandkey principal
where principal is something like “hdfs/18.104.22.168@MYORG.EXAMPLE.COM”.