Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication Setup
  6. Domain Security
  7. Security Management in Informatica Administrator
  8. Users and Groups
  9. Privileges and Roles
  10. Permissions
  11. Audit Reports
  12. Command Line Privileges and Permissions
  13. Custom Roles

Running the Informatica Kerberos SPN Format Generator on Windows

Running the Informatica Kerberos SPN Format Generator on Windows

You can run the Informatica Kerberos SPN Format Generator to generate a file that shows the correct format for the SPNs and keytab file names required in the Informatica domain.
  1. On a machine that hosts the Informatica node, go to the following Informatica directory:
    <InformaticaDirectory>/Tools/Kerberos
  2. Run the SPNFormatGenerator.bat file.
    The Informatica Kerberos SPN Format Generator
    Welcome
    page appears.
  3. Click
    Next
    .
    The
    Service Principal Level
    page appears.
  4. Select the level at which to set the Kerberos service principals for the domain.
    The following table describes the levels you can select:
    Level
    Description
    Process Level
    Configures the domain to use a unique service principal name (SPN) and keytab file for each node and each application service on a node.
    The number of SPNs and keytab files required for each node depends on the number of application service processes that run on the node. Use the process level option for domains that require a high level of security, such as productions domains.
    Node Level
    Configures the domain to share SPNs and keytab files on a node.
    This option requires one SPN and keytab file for the node and all application services that run on the node. It also requires a separate SPN and keytab file for all HTTP processes on the node.
    Use the node level option for domains that do not require a high level of security, such as test and development domains.
  5. Click
    Next
    .
    The
    Authentication Parameters - Kerberos Authentication
    page appears.
  6. Enter the domain and node parameters to generate the SPN format.
    The following table describes the parameters you must specify:
    Prompt
    Description
    Domain Name
    Name of the domain. The name must not exceed 128 characters and must be 7-bit ASCII only. It cannot contain a space or any of the following characters: ` % * + ; " ? , < > \ /
    Node name
    Name of the Informatica node.
    Node host name
    Fully qualified host name or the IP address of the machine on which to create the node. The node host name cannot contain the underscore (_) character.
    Do not use
    localhost
    . The host name must explicitly identify the machine.
    Service Realm Name
    Name of the Kerberos realm for the Informatica domain services. The realm name must be in uppercase.
    If you set the service principal at node level, the utility displays the
    +Node
    button. If you set the service principal at process level, the utility displays the
    +Node
    and
    +Service
    buttons.
  7. To generate the SPN format for an additional node, click
    +Node
    and specify the node name and host name.
    You can enter multiple nodes for a domain.
  8. To generate the SPN format for a service, click
    +Service
    and specify the service name in the
    Service On Node
    field.
    The
    Service On Node
    field displays only if you set the service principal at process level and you click
    +Service
    . You can enter multiple services for a node. The services appear immediately below the node that they run on.
  9. To remove a node from the list, click
    -Node
    .
    The Informatica SPN Format Generator deletes the node. If you have added services to the node, the services are deleted with the node.
  10. To remove a service from a node, clear the service name field.
  11. Click
    Next
    .
    The SPN Format Generator displays the path and file name of the file that contains the list of service principal and keytab file names.
  12. Click
    Done
    to exit the SPN Format Generator.
The SPN Format Generator generates a text file that contains the SPN and keytab file names in the format required for the Informatica domain.


Updated April 29, 2019