Table of Contents

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication
  6. Domain Security
  7. SAML Authentication for Informatica Web Applications
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Security Guide

Security Guide

Update the Nodes in the Domain

Update the Nodes in the Domain

Update all gateway and worker nodes with the Kerberos authentication server information except the gateway nodes on which you ran the infasetup switchToKerberosMode command.
Use the following commands to update the gateway and worker nodes:
infasetup UpdateGatewayNode
Use the UpdateGatewayNode command to set the Kerberos authentication parameters on a gateway node in the domain. If the domain has multiple gateway nodes, run the UpdateGatewayNode command on each gateway node.
infasetup UpdateWorkerNode
Use the UpdateWorkerNode command to set the Kerberos authentication parameters on a worker node in the domain. If the domain has multiple worker nodes, run the UpdateWorkerNode command on each worker node.
  1. At the command prompt on a node, switch to the directory where the infasetup executable is located:
    <Informatica installation directory>\isp\bin
  2. To set the Kerberos authentication parameters on a gateway node, run the following command:
    infasetup UpdateGatewayNode -krb <true|false> -srn <Kerberos realm names> -urn <Kerberos realm names>
    To set the Kerberos authentication parameters on a worker node, run the following command:
    infasetup UpdateWorkerNode -krb <true|false> -srn <Kerberos realm names> -urn <Kerberos realm names>
    The following table describes the options and arguments required to enable Kerberos authentication on a node:
    Option Argument Description
    -EnableKerberos
    -krb
    true|false Configures the Informatica domain to use Kerberos authentication.
    Set to true to enable Kerberos authentication. Default is false.
    -ServiceRealmName
    -srn
    Kerberos_realm_name Name of the Kerberos realm that the domain uses to authenticate users. The realm name must be in uppercase and is case-sensitive.
    To configure Kerberos cross realm authentication, specify the name of each Kerberos realm that the domain uses to authenticate users, separated by a comma. For example:
    COMPANY.COM,EAST.COMPANY.COM,WEST.COMPANY.COM
    Use an asterisk as a wildcard character before a realm name to include all realms that include the name. For example:
    *EAST.COMPANY.COM
    -UserRealmName
    -urn
    Kerberos_realm_name Name of the Kerberos realm that the domain uses to authenticate users. The realm name must be in uppercase and is case-sensitive.
    To configure Kerberos cross realm authentication, specify the name of each Kerberos realm that the domain uses to authenticate users, separated by a comma. For example:
    COMPANY.COM,EAST.COMPANY.COM,WEST.COMPANY.COM
    Use an asterisk as a wildcard character before a realm name to include all realms that include the name. For example:
    *EAST.COMPANY.COM
    The following example updates a worker node to use Kerberos authentication:
    infasetup updateWorkerNode -krb true -srn COMPANY.COM -urn COMPANY.COM
    The following example updates a worker node to use Kerberos cross realm authentication:
    infasetup updateWorkerNode -krb true -srn COMPANY.COM,COMPANY.EAST.COM,COMPANY.WEST.COM -urn COMPANY.COM,COMPANY.EAST.COM,COMPANY.WEST.COM

Updated July 24, 2019


Explore Informatica Network