Exporting keytabs for other systems

I’ve tried to export a keytab for a system:

#ktutil -k ~/nc158-muc-v4_host.keytab get host/nc158-muc-v4.test.test@TEST.TEST

I am asked to enter password for principal root/admin@TEST.TEST! This user doesn’t exist. I thought about using “Administrator”: “kinit Administrator”, then entered the known password. Tickets where created and available. Since exporting a keytab needs admin rights I suspected to be asked again for password for “administrator/admin@TEST.TEST” trying to export the keytab. Yes it was. The known Passwort for “Administrator” didn’t match. The principal “administrator/admin@TEST.TEST” didn’t even exist.

How do I export a keytab with UCS without any kerberos admin user (no user having “/admin” option set?


I’ve created a short SDB article for this to clarify: sdb.univention.de/1275

Janis Meybohm