Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication Setup
  6. Domain Security
  7. Security Management in Informatica Administrator
  8. Users and Groups
  9. Privileges and Roles
  10. Permissions
  11. Audit Reports
  12. Command Line Privileges and Permissions
  13. Custom Roles

Step 9. Update the Client Machines

Step 9. Update the Client Machines

Copy the Kerberos configuration file and set the environment variable on the machines that host the Informatica clients. You must also configure the browser to access the Informatica web applications.
After you configure the Informatica domain to run with Kerberos authentication, perform the following tasks on the Informatica client tools:
Copy the Kerberos configuration file to the client machines.
Copy the configuration file to each machine that hosts an Informatica client. You must copy the
krb5.conf
file to the following directory:
<Informatica Client Directory>/shared/security
Set the KRB5_CONFIG environment variables with the Kerberos configuration file.
Use the KRB5_CONFIG environment variable to store the path and file name of the Kerberos configuration file,
krb5.conf
. You must set the KRB5_CONFIG environment variable on each machine that hosts an Informatica client.
Configure the web browser.
If the Informatica domain runs on a network with Kerberos authentication, you must configure the browser to allow access to the Informatica web applications. In Microsoft Internet Explorer and Google Chrome, add the URL of the Informatica web application to the list of trusted sites. If you are using Chrome version 41 or later, you must also set the
AuthServerWhitelist
and
AuthNegotiateDelegateWhitelist
policies.
On UNIX, create a credentials cache file for single sign-on
To run the Informatica command line programs on UNIX with single sign-on, you must generate a credentials cache file to authenticate the user account running the commands on the Kerberos network. Use the
kinit
utility from MIT Kerberos to generate the credentials cache file. The credentials cache file enables a user to run the commands without the user name and password options.
If you use a credentials cache file, you must set the default path and filename for the credentials cache in KRB5CCNAME environment variable.
For more information about running the Informatica command line programs on UNIX with single sign-on, see the
Informatica Command Reference
.


Updated April 29, 2019