Generating a KEYTAB file (Kerberos)

The best time to generate a KEYTAB file is during the Nintex RPA Server installation, because the Nintex RPA Server wizard provides convenient tools for this task.

You can generate a KEYTAB file once you get to the Authentication Platform Security step in the Nintex RPA installation wizard.

  1. To generate the KEYTAB script, you can use the "copy command to clipboard" or the "save command to batch file".

    • If you are installing on one primary machine, this is how the generic CLI script is formatted:

      ktpass -out filename.keytab -princ "HTTP/{FQDN}@DOMAIN" -mapUser "userPrincipalName" -mapOp set -pass "password" -crypto all -pType KRB5_NT_PRINCIPAL -setupn -setpass

    • If you are installing on more than one machine (High-Availability), the generated script adds a dedicated line for every additional server and includes the FQDNs of the servers. This is how the generic CLI script for two machines is formatted:

      ktpass -out filename.keytab -princ "HTTP/{FQDN}@DOMAIN" -mapUser "userPrincipalName" -mapOp set -pass "password" -crypto all -pType KRB5_NT_PRINCIPAL -setupn -setpass -mapOp add -in filename.keytab

  2. Store the KEYTAB file at {InstallFolder}\IDP\Aerobase\Configuration\{filename}.keytab
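
To check which principal, key version and encryption types ended up in the generated file before relying on it, the KEYTAB can be parsed offline. The following is an added example, not Nintex code or part of the installation wizard; it assumes the standard version 0x0502 keytab layout, and the host name, realm and zeroed keys in SAMPLE are constructed.

```python
import struct

# Kerberos enctype numbers -> (name, strong?). Unknown types are treated as weak.
ENCTYPES = {1: ("des-cbc-crc", False), 3: ("des-cbc-md5", False), 23: ("rc4-hmac", False),
            17: ("aes128-cts-hmac-sha1-96", True), 18: ("aes256-cts-hmac-sha1-96", True)}

def read_counted(buf, pos):
    """Read a uint16 length-prefixed field; return (bytes, next position)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """Parse a version 0x0502 keytab into dicts: principal, kvno, enctype, strong."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)  # pos now points at the next entry
        if size <= 0:                              # negative size marks a deleted slot
            continue
        (ncomp,) = struct.unpack_from(">H", data, start)
        p, names = start + 2, []
        for _ in range(ncomp + 1):                 # realm first, then the name components
            field, p = read_counted(data, p)
            names.append(field.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", data, p)
        _key, p = read_counted(data, p + 11)       # key bytes are read, never returned
        if pos - p >= 4:                           # optional 32-bit kvno wins if non-zero
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        name, strong = ENCTYPES.get(etype, (f"etype-{etype}", False))
        entries.append({"principal": "/".join(names[1:]) + "@" + names[0],
                        "kvno": kvno, "enctype": name, "strong": strong})
    return entries

def weak_enctypes(entries):
    """Sorted names of the non-AES enctypes present in the parsed entries."""
    return sorted({e["enctype"] for e in entries if not e["strong"]})

def build_entry(spn, realm, kvno, etype, key):
    """Build one constructed entry (dummy key bytes) for the sample below."""
    fields = [realm.encode()] + [c.encode() for c in spn.split("/")]
    body = struct.pack(">H", len(fields) - 1)
    body += b"".join(struct.pack(">H", len(f)) + f for f in fields)
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: the five key types "-crypto all" produces, with zeroed keys.
SAMPLE = b"\x05\x02" + b"".join(build_entry("HTTP/rpa01.example.test", "EXAMPLE.TEST", 3, e, bytes(n))
                                for e, n in [(1, 8), (3, 8), (23, 16), (17, 16), (18, 32)])
```

To inspect a real file, pass its bytes to parse_keytab and review the result of weak_enctypes alongside the principal and kvno values.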

To use the KEYTAB file for Single Sign-on (Kerberos) authentication, you need to set up the SPN with this command:

      Setspn -s "HTTP/<Server_FQDN>" "domain\username"

For more information, see Adding another LDAP user federation.
