How To Manually Update The keytab File For Insights MSI?

Issue Description: How to manually update the keytab file for Insights MSI? This article can also be used to set a custom crypto key for the keytab file.

Resolution:

The password should be changed via the installer, but there may be some scenarios where this needs to be done manually.

Steps: These steps apply to the MSI version of Insights.

  1. Generate the keytab file
    1. Log in to a Windows machine
    2. Run the following command: ktpass /out <outputfile>/WINDOWS_AUTH_AD_KEYTAB /princ <serviceAccount>@<domain> /pass * /crypto all /ptype KRB5_NT_PRINCIPAL -setpass
    3. This will generate a file called WINDOWS_AUTH_AD_KEYTAB. This is the keytab file.
  2. Transfer the keytab file to the Looker machine. For 22.4+, this is a Linux machine. For 21.10, it is the Windows machine that hosts Insights.
  3. Locate the configuration directory for Insights
    1. For 21.10, it's located at %userprofile%\_insights
    2. For 22.4+, it's the directory where the installation was done.
  4. Back up the old keytab file. This will be named WINDOWS_AUTH_AD_KEYTAB. Name the backup as required.
  5. Transfer the new WINDOWS_AUTH_AD_KEYTAB to the configuration directory
  6. With the file in place, re-initialize the Kerberos configuration:
    • For 21.10
      1. Open a PowerShell console as admin.
      2. Run:
        1. docker exec -it looker-container /app/looker-init-job/scripts/configure-kerberos.sh
    • For 22.4+
      1. Run: sudo docker exec -it looker-container /app/looker-init-job/scripts/configure-kerberos.sh
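
Before copying the new file into place (step 5), it is worth confirming which principal and key types the keytab actually contains, since /crypto all writes legacy DES and RC4 keys alongside AES. The following is an added example, not part of the original article or the product: a small parser for the MIT keytab file format (version 0x0502) that lists each key and flags weak encryption types. The principal svc_insights@EXAMPLE.COM and the dummy key bytes are constructed sample values; the enctype numbers are the standard Kerberos assignments.

```python
import struct

# Standard Kerberos enctype numbers; single DES and RC4 are treated as weak.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {1, 3, 23}

def parse_keytab(data):
    """Return (principal, kvno, enctype) for every key in a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4 + abs(size)
        if size <= 0:                      # deleted entry ("hole"): skip it
            continue
        entry, off = data[pos - size:pos], 2
        def counted():                     # uint16 length, then that many bytes
            nonlocal off
            (n,) = struct.unpack_from(">H", entry, off)
            off += 2 + n
            return entry[off - n:off].decode("utf-8", "replace")
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        realm = counted()
        name = "/".join(counted() for _ in range(ncomp))
        off += 8                           # skip name type and timestamp
        kvno, etype, klen = struct.unpack_from(">BHH", entry, off)
        off += 5 + klen
        if len(entry) - off >= 4:          # optional 32-bit kvno overrides
            kvno = struct.unpack_from(">I", entry, off)[0] or kvno
        out.append((f"{name}@{realm}", kvno, etype))
    return out

def weak_keys(entries):
    """Names of weak enctypes present, for a check before deployment."""
    return sorted({ENCTYPES[e] for _, _, e in entries if e in WEAK})

def sample_entry(name, realm, kvno, etype, key):
    """Build one constructed entry (dummy key bytes, not a real key)."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 1) + s(realm) + s(name) + struct.pack(">II", 1, 0)
            + struct.pack(">BH", kvno, etype) + s(key))
    return struct.pack(">i", len(body)) + body

# Constructed sample: one dummy key per enctype, as "/crypto all" is assumed to write.
SAMPLE = b"\x05\x02" + b"".join(
    sample_entry(b"svc_insights", b"EXAMPLE.COM", 3, e, b"\x00" * 16)
    for e in (1, 3, 23, 18, 17))
```

To check a real file, pass its bytes to parse_keytab, for example parse_keytab(open("WINDOWS_AUTH_AD_KEYTAB", "rb").read()), and review the output of weak_keys before installing it.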