Handling Compromised Server or Machine Passwords in the Keytab File
If a server's or machine's password is compromised, you must change it in the registry and in the server's local keytab file by performing the following steps:
1. Use the keytab remove command to delete the compromised password.
2. Use the keytab add command to create a new password for the server or machine.
3. If you do not use the registry option of the keytab add command to update the server's or machine's registry account simultaneously with the server's or machine's keytab file, run the account modify command to change the server's or machine's password in the registry to the match the one in the keytab file.