HP HPE iLO 5 User Manual page 308

For Windows Vista only: See Microsoft hotfix KB960830 and use Ktpass.exe version
6.0.6001.22331 or later.
2. Optional: Use the Setspn command to assign the Kerberos SPN to the iLO system.
3. Optional: Use the Setspn -L <iLO name> command to view the SPN for the iLO system.
Verify that the HTTP/myilo.somedomain.net service is displayed.
Ktpass
Syntax
Ktpass [options]
Description
Ktpass generates a binary file called the keytab file, which contains pairs of service principal names and
encrypted passwords for Kerberos authentication.
Parameters
+rndPass
Specifies a random password.
-ptype KRB5_NT_SRV_HST
The principal type. Use the host service instance (KRB5_NT_SRV_HST) type.
-princ <principal name>
Specifies the case-sensitive principal name. For example, HTTP/
myilo.somedomain.net@SOMEDOMAIN.net.
• The service type must use uppercase letters (HTTP).
• The iLO hostname must use lowercase letters (myilo.somedomain.net).
• The REALM name must use uppercase letters (@SOMEDOMAIN.NET).
-mapuser <user account>
Maps the principal name to the iLO system domain account.
-out <file name>
Specifies the file name for the .keytab file.
-crypto <encryption>
Specifies the encryption of the keys generated in the .keytab file.
If iLO is configured to use the HighSecurity, FIPS, or SuiteB security state, you must use an AES
Kerberos key type.
kvno
Override key version number.
IMPORTANT:
Do not use this parameter. This option causes the knvo in the keytab file to be out of sync with
the kvno in Active Directory.
308
Ktpass