Server Management - Remote Server Management
cancel
Showing results for 
Search instead for 
Did you mean: 

KeyTab File Base64 encoding for HPeILO PowerShell Kerberos Configuration

 
SOLVED
Go to solution
Highlighted
Occasional Collector

KeyTab File Base64 encoding for HPeILO PowerShell Kerberos Configuration

I've been going down the road to enable Kerberos "Zero Auth" on our HPE Servers' ILO.
I've created the Computer Object in AD, added the SPNs, created the KeyTab and configured the Kerberos Auth config. Uploading the KeyTab via the Browser works fine and enables SSO.
Now wanting to automate this, using the HPeILO-CMDlets, everything works well except uploading the KeyTab file.
Apparently HPe expects this as Base64:

 

-Keytab <string[]> Specifies the contents of the keytab file which is a binary file containing pairs of principals and encrypted passwords. In the Windows environment, the keytab file is generated with a ktpass utility. After generating a binary keytab file using the appropriate utility, use a Base64 encoder to convert the binary file to ASCII format. Place the Base64 contents between: -----BEGIN KEYTAB----- and -----END KEYTAB-----.</string[]>

 


So I took the ktpass keytab and parsed this to Binary then to Base64

 

 

 

$keytab = Get-Content .\ILO.keytab
$keytab looks like this:
 U 
DOMAIN.LOCAL HTTP hostname.domain.local    VóíÈË –­­±°Ñ¶Š

$Bytes = [System.Text.Encoding]::Unicode.GetBytes($keytab)
$keytabBase64 =[Convert]::ToBase64String($Bytes)
$keytabBase64
$keytabUpload =@"
-----BEGIN KEYTAB-----
$keytabBase64
-----END KEYTAB-----
"@

 

 


Trying to upload like so

 

 

$session | Set-HPEiLOKerberosConfig -KerberosEnabled Yes -Realm DOMAIN.LOCAL -KDCAddress DOMAIN.LOCAL -KDCPort 88 -Keytab $keytabUpload

 

 


I'm getting the following Error:

 

 

Keytab Error, Keytab not properly encoded.

 

 


Again, using the same, original ILO.keytab and uploading it into the Config via the Web UI works. So the original file is good.
I assume I'm doing something wrong with the base64 encoding but I'm not sure what. Any help is greatly appreciated

2 REPLIES 2
Highlighted
HPE Pro

Re: KeyTab File Base64 encoding for HPeILO PowerShell Kerberos Configuration

Please refer to the below Advisory,

https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-a00088213en_us

Refer to the User Guide at: Configuring Kerberos authentication settings in iLO

https://support.hpe.com/hpesc/public/docDisplay?docId=a00018324en_us

Let us know if any user guide is being followed, if yes, please share the link for the User Guide that is being followed.

Thank you


I am an HPE employee
Accept or Kudo
Highlighted
Occasional Collector
Solution

Re: KeyTab File Base64 encoding for HPeILO PowerShell Kerberos Configuration

Found a Solution thanks to Reddit.

Get-Content has a switch to import straight as Byte, which can be turned into Base64 and then uploaded using the HPEILO CMDLets:

$keytab = Get-Content .\$ILO.keytab -Encoding Byte

$keytabBase64 =[Convert]::ToBase64String($keytab)

$keytabBase64

$keytabUpload ="-----BEGIN KEYTAB-----

$keytabBase64

-----END KEYTAB-----"

$session | Set-HPEiLOKerberosConfig -KerberosEnabled Yes -Realm DOMAIN.COM -KDCAddress DOMAIN.COM -KDCPort 88 -Keytab $keytabUpload