With GNU bash:

user="PRINCIPAL"
pass="topsecret"

printf "%b" "addent -password -p $user -k 1 -e aes256-cts-hmac-sha1-96\n$pass\nwrite_kt $user.keytab" | ktutil

printf "%b" "read_kt $user.keytab\nlist" | ktutil

Output:

slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    1                          PRINCIPAL@YOURDOMAIN

To create the multiple orgs keytabs and default hbase,pipe,hdfs keytab at the same time you can run the below script, which i have just created:

#!/bin/bash
read -p "Please enter space-delimited list of ORGS to create: " NEW_ORGS

clear
#echo "#################  CREATE KEYTABS  ############################"
#echo ""
kdestroy

for i in $NEW_ORGS
do
     printf "%b" "addent -password -p ${i} -k 1 -e aes256-cts-hmac-sha1-96\n${i}\nwrite_kt ${i}.keytab" | ktutil

     printf "%b" "read_kt ${i}.keytab\nlist" | ktutil

done
echo ""


if [ ! -e /home/eip/.keytabs/hbase.keytab ]
then
        printf "%b" "addent -password -p hbase -k 1 -e aes256-cts-hmac-sha1-96\nhbase\nwrite_kt hbase.keytab" | ktutil

        printf "%b" "read_kt hbase.keytab\nlist" | ktutil
fi

exit 0

A version in Python

https://github.com/Tagar/stuff/blob/master/keytab.py

piping password to ktutil in shell is not secure as password will be visible in list of processes.

Since this Python scripts just interacts with ktutil using pexpect library, it's possible to implement the same as a pure shell script using expect.

Hope this helps.