Create a Kerberos SPN and keytab file on the Microsoft AD domain controller machine
To support HTTP requests using SPNEGO web authentication for WebSphere Application Server (WAS), we create a Kerberos service principal name (SPN) and keytab file on the Microsoft Active Directory (AD) domain controller machine.
- Create a user account for WAS in Microsoft Active Directory.
  This account is eventually mapped to the Kerberos service principal name (SPN).
- On the Microsoft AD machine where the Kerberos key distribution center (KDC) is active, use the setspn command to map the AD user account to the Kerberos SPN.
- Use the Microsoft ktpass tool to create the Kerberos keytab file (krb5.keytab).
  Copy the krb5.keytab file from the AD Domain Controller machine to the WAS machine.
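The three steps above as one PowerShell session on the domain controller. This is an added example, not taken from the product documentation; the account name, host name, realm and output path are constructed placeholders, and it assumes the ActiveDirectory PowerShell module is available and that AES256 is the encryption type you want.

```powershell
# Constructed placeholder values; replace with your own.
$Account = 'was-spnego-svc'          # hypothetical AD account for WAS
$WasHost = 'washost.example.com'     # hypothetical FQDN that browsers use to reach WAS
$Realm   = 'EXAMPLE.COM'             # hypothetical Kerberos realm (AD domain, upper case)
$Spn     = "HTTP/$WasHost"
$Keytab  = 'C:\temp\krb5.keytab'     # hypothetical output path

# Step 1: create the user account that the SPN will be mapped to.
# The password is read interactively so it never lands in a script or in history.
$Password = Read-Host -AsSecureString "Initial password for $Account"
New-ADUser -Name $Account -SamAccountName $Account `
    -AccountPassword $Password -Enabled $true `
    -PasswordNeverExpires $true -CannotChangePassword $true `
    -KerberosEncryptionType AES256

# Step 2: map the account to the SPN.
# -S refuses to add the SPN if it is already registered on another account;
# a duplicate SPN makes the KDC unable to issue service tickets for it.
setspn -S $Spn $Account
setspn -L $Account                   # list the account's SPNs to confirm the mapping

# Step 3: generate the keytab.
# "-pass *" prompts for the password instead of taking it on the command line.
# ktpass sets the account password to the value entered, so the key in the
# keytab and the key held by the KDC stay in sync.
ktpass -out $Keytab `
    -princ "$Spn@$Realm" `
    -mapuser $Account -mapOp set `
    -pass * `
    -crypto AES256-SHA1 `
    -ptype KRB5_NT_PRINCIPAL

# The keytab holds the service's long-term key: anyone who can read it can
# decrypt tickets issued for this SPN. Move it to the WAS machine over an
# encrypted channel, restrict read access to the WAS process owner, and
# delete the copy left on the domain controller.
Remove-Item $Keytab -Confirm         # run only after the file is on the WAS machine
```

Changing the account password later invalidates the keytab, so regenerate and redistribute the file whenever the password is rotated.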
What to do next
Create a Kerberos configuration file
Related
- Create a single sign-on for HTTP requests using SPNEGO Web authentication
- Create a Kerberos service principal name and keytab file
- Configure Kerberos as the authentication mechanism using the administrative console
- CSIv2 inbound communications settings
- CSIv2 outbound communications settings
- SPNEGO web authentication configuration commands
- SPNEGO web authentication filter commands