Firstly, let me say that the manuals available for ktutil that describe its shell-like environment are outdated. ktutil no longer runs as such (at least the newest ports version in FreeBSD). Instead, I used the FreeBSD man pages and found the
correct help, though it still didn't specify any encryption schemes that were acceptable.. I used
#ktutil add and was asked to specify encryption. At this point, I cross referenced ktpass's help file to discern what encryption schemes it has available. After entering each into ktutil, only one was listed as acceptable, des-cbc-md5, so I made a keytab on the Domain Controller and moved it to the Kerberos server and ktutil accepted it.
#ktutil list did indeed list the keyfile. Later, I noticed that the previously linked page's suggested configuration did indeed list the proper encryption scheme as des-cbc-md5, though offered depreciated commands.
RTFM@me.
I suppose I'm on my way to secure dynamic update across my domain. Thanks anyway everyone. I'm sure that my cross platform adventures will bring be back shortly with more problems to mull over.