Ktpass Overview

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Ktpass.exe: Kerberos Keytab Setup

This command-line tool enables an administrator to configure a non-Windows Server 2003 Kerberos service as a security principal in the Windows Server 2003 Active Directory. KtPass configures the server principal name for the host or service in Active Directory and generates an MIT-style Kerberos "keytab" file containing the shared secret key of the service. The tool allows UNIX-based services that support Kerberos authentication to use the interoperability features provided by the Windows Server 2003 Kerberos KDC service.


  • The keytab output file is used to replace or merge with the MIT Kerberos /Etc/Krb5.keytab file. MIT Kerberos-based services (noninteractive) use the keytab to log on and use Kerberos services.

Corresponding UI

There is no corresponding user interface for this tool.


Kerberos is an authentication system designed to enable two parties to exchange private information across an otherwise open network. It assigns a unique key, called a ticket, to each user that logs on to the network. The ticket is embedded in messages to identify the sender of the message.

System Requirements

The following are the system requirements for KtPass:

  • Windows Server 2003

  • User's membership in the Administrators or Server Operators group on the target computer. Also, both the user account and the server computer must be members of the same domain or reside within trusted domains.

File Required

  • Ktpass.exe

See Also


Ktpass Remarks
Ktpass Syntax
Alphabetical List of Tools
Xcacls Overview
Sidwalker Security Administration Tools
Sidwalk Overview
Showaccs Overview
Sdcheck Overview
Ktpass Overview
Ksetup Overview
Getsid Overview