If the Informatica domain requires a high level of security, create a separate SPN and keytab file for each node and each service in the node.
The Informatica domain requires SPNs and keytab files for the following components at process level:
Principal distinguished name (DN) for the LDAP directory service
Principal name for the bind user DN that is used to search the LDAP directory service. The name of the keytab file must be infa_ldapuser.keytab.
Node process
Principal name for the Informatica node that initiates or accepts authentication calls.
Informatica Administrator service
Principal name for the Informatica Administrator service that authenticates the service with other services in the Informatica domain. The name of the keytab file must be _AdminConsole.keytab.
HTTP processes in the domain
Principal name for all web application services in the Informatica domain, including Informatica Administrator. The browser uses this principal name to authenticate with all HTTP processes in the domain. The name of the keytab file must be webapp_http.keytab.
Service process
Principal name for the application service that runs on a node in the Informatica domain. Each application service requires a unique service principal and keytab file name.
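
The following added example (not Informatica code) audits a set of keytab files against the process-level requirements listed above: it checks that the three fixed file names are present and reads each keytab to flag a principal that appears in more than one file. It assumes keytabs in the MIT file format 0x0502; the principal names, the realm and the service keytab name svc_a.keytab are constructed placeholders, and treating a shared principal as a finding is this example's reading of the one-SPN-per-process requirement.

```python
import struct

# Fixed keytab file names the page lists for process-level principals.
REQUIRED = ["infa_ldapuser.keytab", "_AdminConsole.keytab", "webapp_http.keytab"]

def principals(blob):
    """Return the principals stored in an MIT keytab (file format 0x0502)."""
    if blob[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    found, pos = set(), 2
    while pos + 4 <= len(blob):
        (size,) = struct.unpack_from(">i", blob, pos)
        pos += 4
        if size > 0:                      # negative size marks a deleted entry
            (ncomp,) = struct.unpack_from(">H", blob, pos)
            parts, p = [], pos + 2
            for _ in range(ncomp + 1):    # realm first, then name components
                (n,) = struct.unpack_from(">H", blob, p)
                parts.append(blob[p + 2:p + 2 + n].decode())
                p += 2 + n
            found.add("/".join(parts[1:]) + "@" + parts[0])
        pos += abs(size)
    return found

def audit(keytabs):
    """keytabs maps file name -> file bytes; returns a list of findings."""
    findings = [f"missing {name}" for name in REQUIRED if name not in keytabs]
    owner = {}
    for name, blob in sorted(keytabs.items()):
        for princ in sorted(principals(blob)):
            if princ in owner:            # one SPN reused by two processes
                findings.append(f"{princ} is in both {owner[princ]} and {name}")
            owner.setdefault(princ, name)
    return findings

def make_keytab(principal, realm):
    """Constructed sample: a one-entry keytab holding a dummy all-zero key."""
    comps = [realm] + principal.split("/")
    body = struct.pack(">H", len(comps) - 1)
    for c in comps:
        body += struct.pack(">H", len(c)) + c.encode()
    body += struct.pack(">IIBHH", 1, 0, 1, 18, 32) + bytes(32)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

SAMPLE = {  # constructed names and realm; svc_a.keytab is a hypothetical service keytab
    "infa_ldapuser.keytab": make_keytab("ldapuser", "EXAMPLE.COM"),
    "webapp_http.keytab": make_keytab("HTTP/node01.example.com", "EXAMPLE.COM"),
    "svc_a.keytab": make_keytab("HTTP/node01.example.com", "EXAMPLE.COM"),
}
print(audit(SAMPLE))
```

To audit real files, build the dictionary from the keytab directory by reading each file in binary mode and pass it to `audit`.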