Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication Setup
  6. Domain Security
  7. Security Management in Informatica Administrator
  8. Users and Groups
  9. Privileges and Roles
  10. Permissions
  11. Audit Reports
  12. Command Line Privileges and Permissions
  13. Custom Roles

Step 4. Generate the Principal Name and Keytab Format

Step 4. Generate the Principal Name and Keytab Format

If you run the Informatica domain with Kerberos authentication, you must associate Kerberos service principal names (SPN) and keytab files with the nodes and processes in the Informatica domain. Informatica requires keytab files to authenticate services in the network without requests for passwords.
Based on the security requirements for the domain, you can set the service principal level to one of the following levels:
Node Level
If the domain is used for testing or development and does not require a high level of security, you can set the service principal at the node level. You can use one SPN and keytab file for the node and all the service processes on the node. You must also set up a separate SPN and keytab file for the HTTP processes on node.
Process Level
If the domain is used for production and requires a high level of security, you can set the service principal at the process level. Create a unique SPN and keytab file for each node and each process on the node. You must also set up a separate SPN and keytab file for the HTTP processes on node.
The Informatica domain requires the service principal and keytab file names to follow a specific format. To ensure that you follow the correct format for the service principal and keytab file names, use the Informatica Kerberos SPN Format Generator to generate a list of the service principal and keytab file names in the format required by the Informatica domain.


Updated April 29, 2019