Using Two-Factor Authentication to Connect to a Kerberos-enabled Informatica Domain

Using Two-Factor Authentication to Connect to a Kerberos-enabled Informatica Domain

Increase the Kerberos Buffer Size to Accommodate Large Tokens

Increase the Kerberos Buffer Size to Accommodate Large Tokens

You can increase the Kerberos buffer size on computers hosting Informatica clients if large tokens cause user authentication issues.
Depending on the Windows network configuration, Kerberos tickets created for a user may include Privilege Account Certificate (PAC) information. The PAC structure contains such data such as the user's security identifiers, group membership, user profile information, and password credentials. Depending on the amount of data stored, the PAC might make Kerberos tokens larger than the default allocated buffer size, resulting in authentication failures. 
You can increase the Kerberos buffer size by adding the following value to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters registry key on computers hosting Informatica clients:
  • Entry: MaxTokenSize
  • Type: REG_DWORD
  • Base: Decimal
  • Data: 48000

0 COMMENTS

We’d like to hear from you!