
A question about KeyTab files


Apr 21, 2020
Hello, can someone please help me with the following question?

I am from a Windows Server background, please do not kick me off the forum :)

I know how to create and use a KeyTab file. I note the following behaviour when creating a KeyTab file on Windows (to be used on a Linux system).

When creating the KeyTab (using KTPass on Windows, which is similar to KTUtil), the principal you specify, e.g. HTTP://[email protected] (where REALM is the Active Directory realm), is used to do two things in Active Directory. We will use a User object in Active Directory in this example to associate the KeyTab file to.

1) Set the SPN (service principal name) associated with the user object
2) Set the 'user logon' name of the user object

Now I can understand why the SPN is set to the value specified when creating the KeyTab file.

What I do not understand is why the 'logon name' is set too. I can only assume that when the Linux host tries to authenticate to AD using the KeyTab file, it tries to 'authenticate' as the user whose 'logon name' matches the principal in the KeyTab file, meaning any SPNs (as there may be more than one) are used post logon (or perhaps also referenced during the logon).

Can someone kindly help me with this question?

Thanks very much