Description | This article describes how to encode the keytab to base64 when configuring Kerberos authentication. |
Scope |
If unable to configure the keytab follow through the guidelines at: |
Solution |
certutil -encode <keytab> <encode-file-name>
For example in Windows Server:
Note. Open the encoded output (fpxkvm-base64) with Notepad to retrieve the content. The following will be visible.
-----BEGIN CERTIFICATE-----
Note. The content of the encoded output will be configured as ketyab.
config user krb-keytab fortifpx (krb-keytab) # edit http_service fortifpx (http_service) # set principal HTTP/fortifpx.mk1.com@MK1.COM fortifpx (http_service) # set ldap-server LDAP fortifpx (http_service) # set keytab "BQIAAAA4AAIAB01LMS5DT00ABEhUVFAAEGZvcnRpZnB4Lm1rMS5jb20AAAABAAAAAAMAAQAIdmSMihnZGT0AAAA4AAIAB01LMS5DT00ABEhUVFAAEGZvcnRpZnB4Lm1rMS5jb20AAAABAAAAAAMAAwAIdmSMihnZGT0AAABAAAIAB01LMS5DT00ABEhUVFAAEGZvcnRpZnB4Lm1rMS5jb20AAAABAAAAAAMAFwAQFvRuHGNyZDrYZRwGKhKpuwAAAFAAAgAHTUsxLkNPTQAESFRUUAAQZm9ydGlmcHgubWsxLmNvbQAAAAEAAAAAAwASACDguExSNSVB9O1FD+S5OTGulRfPDBi0YelL/s152baiJAAAAEAAAgAHTUsxLkNPTQAESFRUUAAQZm9ydGlmcHgubWsxLmNvbQAAAAEAAAAAAwARABAhcLODf38dBzNWC3HL7WuV"
Note: Make sure those encoded contents are 'word wrap'. Started from v7.2.x, do not need to convert the keytab file to base64 code. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.