Data Engineering Integration
| Property | Description |
|---|---|
| default_realm | Name of the Kerberos realm to which the Informatica domain services belong. The realm name must be in uppercase. If the domain uses a single Kerberos realm for authentication, the service realm name and the user realm name must be the same. |
| forwardable | Allows a service to delegate client user credentials to another service. The Informatica domain requires application services to authenticate the client user credentials with other services. Set to true. |
| default_tkt_enctypes | Encryption types for the session key included in ticket-granting tickets (TGT). Set this property only if session keys must use specific encryption types. Ensure that the Kerberos Key Distribution Center (KDC) supports the encryption type that you specify. Do not set this property if you want the Kerberos protocol to select the encryption type to use. If the node hosts or Informatica client hosts use 256-bit encryption, install the Java Cryptography Extension (JCE) unlimited strength policy files on all node hosts and Informatica client hosts to avoid authentication issues. |
| rdns | Determines whether reverse name lookup is used in addition to forward name lookup to canonicalize host names for use in service principal names. Set to false. |
| renew_lifetime | The default renewable lifetime for initial ticket requests. |
| ticket_lifetime | The default lifetime for initial ticket requests. |
| udp_preference_limit | Determines the protocol that Kerberos uses when it sends a message to the KDC. Set to 1 to use the TCP protocol if the domain experiences intermittent Kerberos authentication failures. |
| dns_lookup_kdc | Indicates whether the Kerberos client uses DNS SRV records to locate the KDCs and other servers for a realm, if they are not listed in the information for the realm. DNS uses SRV records to identify computers that host specific services. Required when the domain is Kerberos-enabled. Requires you to set the admin_server realm property. Set to true. |
| dns_lookup_realm | Indicates whether the Kerberos client uses DNS TXT records to determine the Kerberos realm of a host. DNS uses text or TXT records to associate arbitrary text with a host or other name, such as human-readable information about a server, network, data center, or other accounting information. Required when the domain is Kerberos-enabled. Set to true. |

| Property | Description |
|---|---|
| admin_server | The name or IP address of the Kerberos administration server host. You can include an optional port number, separated from the host name by a colon. Default is 749. |
| kdc | The name or IP address of a host running the Key Distribution Center (KDC) for the realm. You can include an optional port number, separated from the host name by a colon. Default is 88. |

```
[realms]
    HADOOP-REALM = {
        kdc = 123abcdl34.hadoop-realm.com
        admin_server = def456.hadoop-realm.com
    }
```

```
[realms]
    INFA-AD-REALM = {
        kdc = 123abcd.infa-realm.com
        admin_server = 123abcd.infa-realm.com
    }
    HADOOP-REALM = {
        kdc = 123abcdl34.hadoop-realm.com
        admin_server = def456.hadoop-realm.com
    }
```

```
[domain_realm]
    .hadoop_realm.com = HADOOP-REALM
    hadoop_realm.com = HADOOP-REALM
```

```
[domain_realm]
    .infa_ad_realm.com = INFA-AD-REALM
    infa_ad_realm.com = INFA-AD-REALM
    .hadoop_realm.com = HADOOP-REALM
    hadoop_realm.com = HADOOP-REALM
```

```
[libdefaults]
    default_realm = COMPANY.COM
    forwardable = true
    rdns = false
    renew_lifetime = 7d
    ticket_lifetime = 24h
    udp_preference_limit = 1
    dns_lookup_kdc = true
    dns_lookup_realm = true

[realms]
    COMPANY.COM = {
        admin_server = KDC01.COMPANY.COM:749
        kdc = KDC01.COMPANY.COM:88
    }

[domain_realm]
    .company.com = COMPANY.COM
    company.com = COMPANY.COM
```

```
[libdefaults]
    default_realm = COMPANY.COM
    forwardable = true
    rdns = false
    renew_lifetime = 7d
    ticket_lifetime = 24h
    udp_preference_limit = 1
    dns_lookup_kdc = true
    dns_lookup_realm = true

[realms]
    COMPANY.COM = {
        admin_server = KDC01.COMPANY.COM:749
        kdc = KDC01.COMPANY.COM:88
    }
    EAST.COMPANY.COM = {
        kdc = 10.75.141.193
        admin_server = 10.75.141.193
    }
    WEST.COMPANY.COM = {
        kdc = 10.78.140.111
        admin_server = 10.78.140.111
    }

[domain_realm]
    .company.com = COMPANY.COM
    company.com = COMPANY.COM
    .east.company.com = EAST.COMPANY.COM
    east.company.com = EAST.COMPANY.COM
    .west.company.com = WEST.COMPANY.COM
    west.company.com = WEST.COMPANY.COM
```
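
A krb5.conf file can be checked against the property values in the tables above before it is distributed to node and client hosts. The following Python audit is an added example, not part of the Informatica documentation or product; the names `parse_krb5`, `audit`, `REQUIRED` and `BAD` and the sample file are constructed for illustration. It flags deviations from the required `[libdefaults]` values, realms that lack `kdc` or `admin_server` (including a misspelled key such as `admin server`), and unbalanced braces.

```python
import re

# Values the property tables on this page call for in [libdefaults].
REQUIRED = {"forwardable": "true", "rdns": "false",
            "dns_lookup_kdc": "true", "dns_lookup_realm": "true"}

def parse_krb5(text):
    """Return ({section: {key: value or sub-dict}}, count of unclosed braces)."""
    conf, section, block, depth = {}, None, None, 0
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":          # skip blanks and comments
            continue
        if (m := re.fullmatch(r"\[(\w+)\]", line)):
            section, block = conf.setdefault(m.group(1), {}), None
        elif line == "}":
            block, depth = None, depth - 1
        elif section is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                     # start of a realm block
                block, depth = section.setdefault(key, {}), depth + 1
            else:
                (section if block is None else block)[key] = value
    return conf, depth

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf, depth = parse_krb5(text)
    lib, findings = conf.get("libdefaults", {}), []
    if depth != 0:
        findings.append("unbalanced braces")
    realm = lib.get("default_realm", "")
    if not realm or realm != realm.upper():
        findings.append("default_realm must be set and uppercase")
    for key, want in REQUIRED.items():
        if lib.get(key, "").lower() != want:
            findings.append(f"{key} should be {want}")
    for name, props in conf.get("realms", {}).items():
        props = props if isinstance(props, dict) else {}
        findings += [f"realm {name}: missing {key}"
                     for key in ("kdc", "admin_server") if key not in props]
    return findings

# Constructed sample: lowercase realm, rdns on, "admin server" typo, missing "}".
BAD = ("[libdefaults]\ndefault_realm = company.com\nforwardable = true\n"
       "rdns = true\ndns_lookup_kdc = true\ndns_lookup_realm = true\n"
       "[realms]\nCOMPANY.COM = {\nkdc = KDC01.COMPANY.COM:88\n"
       "admin server = KDC01.COMPANY.COM:749\n[domain_realm]\n.company.com = COMPANY.COM\n")
print(audit(BAD))
```

`udp_preference_limit` and `default_tkt_enctypes` are not checked because the tables make them conditional on the environment.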