I've been going down the road to enable Kerberos "Zero Auth" on our HPE Servers' ILO.
I've created the Computer Object in AD, added the SPNs, created the KeyTab and configured the Kerberos Auth config. Uploading the KeyTab via the Browser works fine and enables SSO.
Now wanting to automate this, using the HPeILO-CMDlets, everything works well except uploading the KeyTab file.
Apparently HPe expects this as Base64:
-Keytab <string[]> Specifies the contents of the keytab file which is a binary file containing pairs of principals and encrypted passwords. In the Windows environment, the keytab file is generated with a ktpass utility. After generating a binary keytab file using the appropriate utility, use a Base64 encoder to convert the binary file to ASCII format. Place the Base64 contents between: -----BEGIN KEYTAB----- and -----END KEYTAB-----.</string[]>
So I took the ktpass keytab and parsed this to Binary then to Base64
$keytab = Get-Content .\ILO.keytab
$keytab looks like this:
�� U �
DOMAIN.LOCAL �HTTP �hostname.domain.local � � � �V�óíÈË� –±°Ñ¶Š
$Bytes = [System.Text.Encoding]::Unicode.GetBytes($keytab)
$keytabBase64 =[Convert]::ToBase64String($Bytes)
$keytabBase64
$keytabUpload =@"
-----BEGIN KEYTAB-----
$keytabBase64
-----END KEYTAB-----
"@
Trying to upload like so
$session | Set-HPEiLOKerberosConfig -KerberosEnabled Yes -Realm DOMAIN.LOCAL -KDCAddress DOMAIN.LOCAL -KDCPort 88 -Keytab $keytabUpload
I'm getting the following Error:
Keytab Error, Keytab not properly encoded.
Again, using the same, original ILO.keytab and uploading it into the Config via the Web UI works. So the original file is good.
I assume I'm doing something wrong with the base64 encoding but I'm not sure what. Any help is greatly appreciated
