Step 5. Review the SPN and Keytab Format Text File

The Kerberos SPN Format Generator generates a text file named SPNKeytabFormat.txt that lists the format for the service principal and keytab file names required by the Informatica domain. The list includes the SPN and keytab file names based on the service principal level you select.
Review the text file and verify that there are no error messages.
The text file contains the following information:
Entity Name
Identifies the node or service associated with the process.
SPN
Format for the SPN in the Kerberos principal database. The SPN is case sensitive. Each type of SPN has a different format.
An SPN can have one of the following formats:

Keytab type            SPN Format
NODE_SPN               isp/<NodeName>/<DomainName>@<REALMNAME>
NODE_AC_SPN            _AdminConsole/<NodeName>/<DomainName>@<REALMNAME>
NODE_HTTP_SPN          HTTP/<NodeHostName>@<REALMNAME>
SERVICE_PROCESS_SPN    <ServiceName>/<NodeName>/<DomainName>@<REALMNAME>

For NODE_HTTP_SPN, the Kerberos SPN Format Generator validates the node host name. If the node host name is not valid, the utility does not generate an SPN. Instead, it displays the following message: Unable to resolve host name.

Keytab File Name
Format for the name of the keytab file to be created for the associated SPN in the Kerberos principal database. The keytab file name is case sensitive.
The keytab file names use the following formats:

Keytab type            Keytab File Name
NODE_SPN               <NodeName>.keytab
NODE_AC_SPN            _AdminConsole.keytab
NODE_HTTP_SPN          webapp_http.keytab
SERVICE_PROCESS_SPN    <ServiceName>.keytab

Keytab Type
Type of the keytab. The keytab type can be one of the following types:
  • NODE_SPN. Keytab file for a node process.
  • NODE_AC_SPN. Keytab file for the Informatica Administrator service process.
  • NODE_HTTP_SPN. Keytab file for HTTP processes in a node.
  • SERVICE_PROCESS_SPN. Keytab file for a service process.

Service Principals at Node Level

The following example shows the contents of the SPNKeytabFormat.txt file generated for service principals at the node level:

ENTITY_NAME  SPN                                             KEY_TAB_NAME        KEY_TAB_TYPE
Node01       isp/Node01/InfaDomain@MY.SVCREALM.COM           Node01.keytab       NODE_SPN
Node01       HTTP/NodeHost01.enterprise.com@MY.SVCREALM.COM  webapp_http.keytab  NODE_HTTP_SPN
Node02       isp/Node02/InfaDomain@MY.SVCREALM.COM           Node02.keytab       NODE_SPN
Node02       HTTP/NodeHost02.enterprise.com@MY.SVCREALM.COM  webapp_http.keytab  NODE_HTTP_SPN
Node03       isp/Node03/InfaDomain@MY.SVCREALM.COM           Node03.keytab       NODE_SPN
Node03       HTTP/NodeHost03.enterprise.com@MY.SVCREALM.COM  webapp_http.keytab  NODE_HTTP_SPN

Service Principals at Process Level

The following example shows the contents of the SPNKeytabFormat.txt file generated for service principals at the process level:

ENTITY_NAME        SPN                                              KEY_TAB_NAME          KEY_TAB_TYPE
Node01             isp/Node01/InfaDomain@MY.SVCREALM.COM            Node01.keytab         NODE_SPN
Node01             _AdminConsole/Node01/InfaDomain@MY.SVCREALM.COM  _AdminConsole.keytab  NODE_AC_SPN
Node01             HTTP/NodeHost01.enterprise.com@MY.SVCREALM.COM   webapp_http.keytab    NODE_HTTP_SPN
Node02             isp/Node02/InfaDomain@MY.SVCREALM.COM            Node02.keytab         NODE_SPN
Node02             _AdminConsole/Node02/InfaDomain@MY.SVCREALM.COM  _AdminConsole.keytab  NODE_AC_SPN
Node02             HTTP/NodeHost02.enterprise.com@MY.SVCREALM.COM   webapp_http.keytab    NODE_HTTP_SPN
Service10:Node01   Service10/Node01/InfaDomain@MY.SVCREALM.COM      Service10.keytab      SERVICE_PROCESS_SPN
Service100:Node02  Service100/Node02/InfaDomain@MY.SVCREALM.COM     Service100.keytab     SERVICE_PROCESS_SPN
Service200:Node02  Service200/Node02/InfaDomain@MY.SVCREALM.COM     Service200.keytab     SERVICE_PROCESS_SPN
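
The review in this step can be scripted. The following Python sketch is an added example, not part of the Informatica documentation or tooling: it checks each record's SPN and keytab file name, case sensitively, against the formats listed in this step and reports any line that is not a record, such as an error message. It assumes the file is whitespace separated with the four columns shown in the examples; check_spn_file and the sample input are constructed for illustration.

```python
import re

NAME = r"[^/@\s]+"  # one SPN component: no '/', '@' or whitespace
# keytab type -> (SPN pattern, keytab file name template), per the formats in this step
RULES = {
    "NODE_SPN": (rf"isp/(?P<node>{NAME})/{NAME}@{NAME}", "{node}.keytab"),
    "NODE_AC_SPN": (rf"_AdminConsole/(?P<node>{NAME})/{NAME}@{NAME}",
                    "_AdminConsole.keytab"),
    "NODE_HTTP_SPN": (rf"HTTP/{NAME}@{NAME}", "webapp_http.keytab"),
    "SERVICE_PROCESS_SPN": (rf"(?P<svc>{NAME})/(?P<node>{NAME})/{NAME}@{NAME}",
                            "{svc}.keytab"),
}
HEADER = ["ENTITY_NAME", "SPN", "KEY_TAB_NAME", "KEY_TAB_TYPE"]

def check_spn_file(text):
    """Return (line_number, problem) pairs; an empty list means the file is clean."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields == HEADER:
            continue
        if len(fields) != 4 or fields[3] not in RULES:  # e.g. an error message
            findings.append((no, "not a record: " + line.strip()))
            continue
        _entity, spn, keytab, ktype = fields
        pattern, template = RULES[ktype]
        m = re.fullmatch(pattern, spn)  # case sensitive on purpose
        if m is None:
            findings.append((no, f"SPN does not match the {ktype} format: {spn}"))
            continue
        expected = template.format(**m.groupdict())
        if keytab != expected:
            findings.append((no, f"keytab name {keytab!r}, expected {expected!r}"))
    return findings

# Constructed sample: lines 2-3 follow the page's examples, lines 4-6 are broken.
SAMPLE = """\
ENTITY_NAME SPN KEY_TAB_NAME KEY_TAB_TYPE
Node01 isp/Node01/InfaDomain@MY.SVCREALM.COM Node01.keytab NODE_SPN
Service10:Node01 Service10/Node01/InfaDomain@MY.SVCREALM.COM Service10.keytab SERVICE_PROCESS_SPN
Node02 http/NodeHost02.enterprise.com@MY.SVCREALM.COM webapp_http.keytab NODE_HTTP_SPN
Node02 isp/Node02/InfaDomain@MY.SVCREALM.COM node02.keytab NODE_SPN
Unable to resolve host name.
"""

if __name__ == "__main__":
    print(*check_spn_file(SAMPLE), sep="\n")
```

An empty result means every record matches the documented format for its keytab type; the same names must then be used, with identical case, when the principals and keytab files are created.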


Updated April 29, 2019