Resource Central



Note: ktedit has been superceded by vastool ktutil and ktutil commands, available since Quest Authentication Services 3.1.

ktedit is a small tool for editing keytab files.

ktedit grew out of my need to scriptably change principal names associated with keys, so it has functions to do that. It has some of the functionality of ktutil, and vastool ktlist. A unique feature is the copy command.

The tool is provided here because it can come in handy when creating service principal aliases.

Release: ktedit-1.2 (unstable)
Platform Filename Type Size Date
Show all 2 files | Other ktedit releases
linux-i386ktedit-1.2-1.i386.rpmpackage15 kB2009-12-03


Follows is a brief synopsis of the useful commands in ktedit-1.1. They are also described in more detail in its manual page.

copy key-pattern new-principal
Duplicates keytab entries, replacing their principal name. Useful for manually creating aliases.
delete key-pattern
Deletes entries.
Dumps keytab in text form, suitable for undump
Prints keytab contents
undump [-r]
Appends or replaces a keytab with keys read from a text stream


If you are on a system with rpm, you can build ktedit directly using rpmbuild -tb. Otherwise, unpack the source distribution, run configure and then make.

You may need the vasdev package installed to build ktedit.

Known issues

Warning: krb5_keytype_to_string: Program lacks support for key type
This harmless message arises in earlier versions of Quest Authentication Services because the addition of the DES-MD5 cipher was not given an internal name. Instead, ktedit will display the cipher type in its numeric form (3). You can safely ignore this message

— David Leonard