You can configure the Informatica domain to use Kerberos network authentication to authenticate users, services, and nodes.
Kerberos is a network authentication protocol that uses tickets to authenticate access to services and nodes in a network. Kerberos uses a Key Distribution Center (KDC) to validate the identities of users and services and to grant tickets to authenticated user and service accounts. In the Kerberos protocol, users and services are known as principals. The KDC has a database of principals and their associated secret keys, which are used as proof of identity. Kerberos can use an LDAP directory service as a principal database.
To use Kerberos authentication, you must install and run the Informatica domain on a network that uses Kerberos network authentication. Informatica can run on a network that uses Kerberos authentication with Microsoft Active Directory service as the principal database.
The Informatica domain requires keytab files to authenticate nodes and services in the domain without transmitting passwords over the network. The keytab files contain the service principal names (SPNs) and associated encrypted keys. Create the keytab files before you create nodes and services in the Informatica domain.
Before you configure Kerberos authentication for the domain, perform the following tasks:
Set up the Kerberos configuration file.
Generate the service principal and keytab file names in the Informatica format.
Review the SPN and keytab format text file.
Ask the Kerberos administrator to add the SPN to the Kerberos principal database and to create the keytab files.
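After the Kerberos administrator returns the keytab files, you can confirm that each file contains the SPNs you requested before you create nodes and services. The following Python script is an added example, not Informatica code: it reads the standard MIT keytab layout (version 0x502), and the SPNs and all-zero keys in its sample are constructed placeholders that do not follow the Informatica name format.

```python
import struct

# Kerberos encryption type numbers (subset) and their usual names.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}

def _counted(buf, off):                    # 16-bit length-prefixed string
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):                    # -> [(principal, kvno, enctype)], no key bytes
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:
            pos -= size                    # negative size marks a deleted slot; skip it
            continue
        rec, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        names, off = [], 2
        for _ in range(ncomp + 1):         # realm first, then the name components
            raw, off = _counted(rec, off)
            names.append(raw.decode())
        off += 8                           # skip name type and timestamp
        kvno, etype = struct.unpack_from(">BH", rec, off)
        _key, off = _counted(rec, off + 3) # key material is read past, never kept
        if len(rec) - off >= 4:            # optional 32-bit kvno, used if non-zero
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno,
                        ENCTYPES.get(etype, str(etype))))
    return entries

def missing_spns(entries, expected):       # requested SPNs absent from the keytab
    return sorted(set(expected) - {spn for spn, _, _ in entries})

def _entry(spn, kvno, etype, key):         # builds one entry for SAMPLE only
    name, realm = spn.split("@")
    fields = [realm] + name.split("/")
    body = struct.pack(">H", len(fields) - 1)
    body += b"".join(struct.pack(">H", len(f)) + f.encode() for f in fields)
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + struct.pack(">H", len(key)) + key
    return struct.pack(">i", len(body)) + body

# Constructed sample: placeholder SPNs with all-zero keys, not real credentials.
SAMPLE = (b"\x05\x02" + _entry("svc/node01.example.com@EXAMPLE.COM", 2, 18, bytes(32))
          + _entry("HTTP/node01.example.com@EXAMPLE.COM", 1, 23, bytes(16)))
```

To check a real file, pass its bytes to `parse_keytab` and give `missing_spns` the SPN list from the SPN and keytab format text file.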