Table of Contents


  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication
  6. Domain Security
  7. Single Sign-on for Informatica Web Applications
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Step 5. Generate the Keytab Files

Step 5. Generate the Keytab Files

Generate the keytab files used to authenticate Informatica users and services.
You use the Microsoft Windows Server ktpass utility to generate a keytab file for each user account you created in Active Directory. You must generate the keytab files on a member server or on a domain controller within the Active Directory domain. You cannot generate keytab files on a workstation operating system such as Microsoft Windows 7.
To use ktpass to generate a keytab file, run the following command:
ktpass.exe -out <keytab filename> -princ <service principal name> -mapuser <user account> [-pass <user account password>]-crypto <key types> -ptype <principal type>
The following table describes the command options:
The file name of the Kerberos keytab file to generate as shown under the
column in the SPNKeytabFormat.txt file.
The service principal name displayed under the
column in the SPNKeytabFormat.txt file.
The Active Directory user account to associate with the SPN.
The password set in Active Directory for the Active Directory user account, if applicable.
Specifies the key types generated in the keytab file.
Set to all to use all supported cryptographic types.
The principal type. Set to KRB5_NT_PRINCIPAL.
The keytab files you generate depends on whether you enable Kerberos at the node level or at the process level.

Updated October 10, 2019