Reading a keytab file on Windows

Manju 110 Reputation points
2023-09-23T20:08:34.1133333+00:00

I created a keytab file using the msktutil command on a Linux host.

msktutil -c -b "CN=COMPUTERS" -s HTTP/<xxxx> -h <xxx> -k /tmp/my.keytab --computer-name xyz --upn HTTP/xxxx --server <myserver> --verbose --enctypes 28

I copied this to a Windows host where I try to load this into my application and use it for client login.

But I am getting the following decryption error when I run the example application:

 Decrypting_Error: error decrypting EncPart of AS_REP < Decrypting_Error: error decrypting AS_REP encrypted part: matching key not found in keytab. Looking for "testuser" realm: MYLAB.LOCAL kvno: 2 etype: 18

I then copied the keytab (created using msktutil) from my Linux host to the Windows AD Server and tried to read it using ktpass. This output doesn't match the output I get when I run klist -k <ktabfile> on the Linux host.

Output from ktpass looks like below:

ktpass /in .\my.keytab
Existing keytab:
Keytab version: 0x502
keysize 58 myhost$@MYDOMAIN.LOCAL ptype 1 (KRB5_NT_PRINCIPAL) vno 4 etype 0x17 (RC4-HMAC) keylength 16 (0xe59d026909ef6aca8943ae0df7f1ccaf)
keysize 4 @ ptype 74 (**Unknown**) vno 77 etype 0x594c (Unknown) keylength 16706 (0x2e4c4f43414c00086d797371756964240000000165098f700400120020894bbc73dc00a1a710331a55ba688e8df884eb7380362f24672dc4fca831f52d000000040000003a0001000b4d594c41422e4c4f43414c00084d595351554944240000000165098f700400170010e59d026909ef6aca8943ae0df7f1ccaf000000040000003a0001000b4d594c41422e4c4f4341....

My query is: should ktpass be able to read a ktab file created by msktutil? If yes, why doesn't the output from ktpass (on Windows) and ktlist (on Linux) on the same keytab file match?

Thank you.

-Manju

Active Directory