# Keytab file

A keytab is a file that contains the encrypted password for a user and should allow for joining the domain without providing credentials

This has been done on the [TrueNAS](https://docs.coltscomputer.services/books/colthome/page/truenascoltscomputerservices "TrueNAS.coltscomputer.services") server.

[TrueNAS documentation on Keytab](https://www.truenas.com/docs/core/coretutorials/directoryservices/kerberos/)

[Windows Documentation on Keytab](https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/ktpass)

Example command

<table border="1" id="bkmrk-ktpass-%2Fprinc-host%2Fu" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 99.8765%;"></col></colgroup><tbody><tr><td>ktpass /princ host/User1.contoso.com@CONTOSO.COM /mapuser User1 /pass MyPas$w0rd /out machine.keytab /crypto all /ptype KRB5\_NT\_PRINCIPAL /mapop set</td></tr></tbody></table>

actual command that was used

<table border="1" id="bkmrk-c%3A%5Cusers%5Cadmin.colt%3E" style="border-collapse: collapse; width: 100%;"><colgroup><col style="width: 99.8765%;"></col></colgroup><tbody><tr><td>C:\\Users\\admin.colt&gt;ktpass -princ admin.colt@coltscomputer.services -pass ScurvyCom.modore8602 -crypto all -ptype KRB5\_NT\_PRINCIPAL -kvno 0 -out c:\\admin.colt.KEYTAB</td></tr></tbody></table>