- Community Home
- >
- Servers and Operating Systems
- >
- ProLiant
- >
- Server Management - Remote Server Management
- >
- KeyTab File Base64 encoding for HPeILO PowerShell ...
-
-
Forums
- Products
- Servers and Operating Systems
- Storage
- Software
- Services
- HPE GreenLake
- Company
- Events
- Webinars
- Partner Solutions and Certifications
- Local Language
- China - 简体中文
- Japan - 日本語
- Korea - 한국어
- Taiwan - 繁體中文
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Latin America
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Blog, Poland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-11-2020 08:44 AM
03-11-2020 08:44 AM
I've been going down the road to enable Kerberos "Zero Auth" on our HPE Servers' ILO.
I've created the Computer Object in AD, added the SPNs, created the KeyTab and configured the Kerberos Auth config. Uploading the KeyTab via the Browser works fine and enables SSO.
Now wanting to automate this, using the HPeILO-CMDlets, everything works well except uploading the KeyTab file.
Apparently HPe expects this as Base64:
-Keytab <string[]> Specifies the contents of the keytab file which is a binary file containing pairs of principals and encrypted passwords. In the Windows environment, the keytab file is generated with a ktpass utility. After generating a binary keytab file using the appropriate utility, use a Base64 encoder to convert the binary file to ASCII format. Place the Base64 contents between: -----BEGIN KEYTAB----- and -----END KEYTAB-----.</string[]>
So I took the ktpass keytab and parsed this to Binary then to Base64
$keytab = Get-Content .\ILO.keytab
$keytab looks like this:
U
DOMAIN.LOCAL HTTP hostname.domain.local VóíÈË –±°Ñ¶Š
$Bytes = [System.Text.Encoding]::Unicode.GetBytes($keytab)
$keytabBase64 =[Convert]::ToBase64String($Bytes)
$keytabBase64
$keytabUpload =@"
-----BEGIN KEYTAB-----
$keytabBase64
-----END KEYTAB-----
"@
Trying to upload like so
$session | Set-HPEiLOKerberosConfig -KerberosEnabled Yes -Realm DOMAIN.LOCAL -KDCAddress DOMAIN.LOCAL -KDCPort 88 -Keytab $keytabUpload
I'm getting the following Error:
Keytab Error, Keytab not properly encoded.
Again, using the same, original ILO.keytab and uploading it into the Config via the Web UI works. So the original file is good.
I assume I'm doing something wrong with the base64 encoding but I'm not sure what. Any help is greatly appreciated
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-21-2020 10:44 PM - edited 03-21-2020 10:52 PM
03-21-2020 10:44 PM - edited 03-21-2020 10:52 PM
Re: KeyTab File Base64 encoding for HPeILO PowerShell Kerberos Configuration
Please refer to the below Advisory,
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-a00088213en_us
Refer to the User Guide at: Configuring Kerberos authentication settings in iLO
https://support.hpe.com/hpesc/public/docDisplay?docId=a00018324en_us
Let us know if any user guide is being followed, if yes, please share the link for the User Guide that is being followed.
Thank you
I am an HPE employee

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-24-2020 05:23 AM
03-24-2020 05:23 AM
SolutionFound a Solution thanks to Reddit.
Get-Content has a switch to import straight as Byte, which can be turned into Base64 and then uploaded using the HPEILO CMDLets:
$keytab = Get-Content .\$ILO.keytab -Encoding Byte
$keytabBase64 =[Convert]::ToBase64String($keytab)
$keytabBase64
$keytabUpload ="-----BEGIN KEYTAB-----
$keytabBase64
-----END KEYTAB-----"
$session | Set-HPEiLOKerberosConfig -KerberosEnabled Yes -Realm DOMAIN.COM -KDCAddress DOMAIN.COM -KDCPort 88 -Keytab $keytabUpload
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2022 Hewlett Packard Enterprise Development LP