Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication Setup
  6. Domain Security
  7. Security Management in Informatica Administrator
  8. Users and Groups
  9. Privileges and Roles
  10. Permissions
  11. Audit Reports
  12. Command Line Privileges and Permissions
  13. Custom Roles

Running the Informatica Kerberos SPN Format Generator on UNIX

Running the Informatica Kerberos SPN Format Generator on UNIX

You can run the Informatica Kerberos SPN Format Generator to generate a file that shows the correct format for the SPNs and keytab file names required in the Informatica domain.
  1. On a machine that hosts the Informatica node, go to the following Informatica directory:
    <InformaticaDirectory>/Tools/Kerberos
  2. On a shell command line, run the SPNFormatGenerator.sh file.
  3. Press
    Enter
    to continue.
  4. In the
    Service Principal Level
    section, select the level at which to set the Kerberos service principals for the domain.
    The following table describes the levels you can select:
    Level
    Description
    1->Process Level
    Configures the domain to use a unique service principal name (SPN) and keytab file for each node and each application service on a node.
    The number of SPNs and keytab files required for each node depends on the number of application service processes that run on the node. Use the process level option for domains that require a high level of security, such as productions domains.
    2->Node Level
    Configures the domain to share SPNs and keytab files on a node.
    This option requires one SPN and keytab file for the node and all application services that run on the node. It also requires a separate SPN and keytab file for all HTTP processes on the node.
    Use the node level option for domains that do not require a high level of security, such as test and development domains.
  5. Enter the domain and node parameters required to generate the SPN format.
    The following table describes the parameters you must specify:
    Prompt
    Description
    Domain Name
    Name of the domain. The name must not exceed 128 characters and must be 7-bit ASCII only. It cannot contain a space or any of the following characters: ` % * + ; " ? , < > \ /
    Node name
    Name of the Informatica node.
    Node host name
    Fully qualified host name or the IP address of the machine on which to create the node. The node host name cannot contain the underscore (_) character.
    Do not use
    localhost
    . The host name must explicitly identify the machine.
    Service Realm Name
    Name of the Kerberos realm for the Informatica domain services. The realm name must be in uppercase.
    If you set the service principal at node level, the prompt
    Add Node?
    appears. If you set the service principal at process level, the prompt
    Add Service?
    appears.
  6. At the
    Add Node?
    prompt, enter 1 to generate the SPN format for an additional node. Then enter the node name and node host name.
    To generate the SPN formats for multiple nodes, enter 1 at each
    Add Node?
    prompt and enter a node name and node host name.
  7. At the
    Add Service?
    prompt, enter 1 to generate the SPN format for a service that will run on the preceding node. Then enter the service name.
    To generate the SPN formats for multiple services, enter 1 at each
    Add Service?
    prompt and enter a service name.
  8. Enter 2 to end the
    Add Service?
    or
    Add Node?
    prompts.
    The SPN Format Generator displays the path and file name of the file that contains the list of service principal and keytab file names.
  9. Press Enter to exit the SPN Format Generator.
The SPN Format Generator generates a text file that contains the SPN and keytab file names in the format required for the Informatica domain.


Updated April 29, 2019