Group Managed Service Account is a better option than keytab if you're assuming Windows Server/Active Directory.
replyKeytab usage is rare because the service you intend to run under that service account does not support keytabs.
replyThere's also the knock-on effect of Kerberos being mostly hidden in Active Directory and creating keytabs requiring CLI tooling -- from way back when AD was a GUI only (mostly) affair for AD admins.
In my experience next to nobody knows about the CLI tooling for Kerberos in Windows. It's a damn shame, too, because Windows interops well w/ standard Kerberos in my opinion.
replyThe only time that I can remember having to use keytabs is with ISC DHCP.... at home.
replyNo 3rd party AD-integrated software, of which there were plenty of non-MSFT stuff, did I ever have to create a keytab for when playing Domain Admin at work.
I used them with MobileIron, that was it.
reply