Kerberos is a computer network authentication protocol that enables Informatica clients, nodes, and services communicating over a network to connect to one another in a secure manner.
Kerberos authentication eliminates Informatica native accounts and removes the need for the domain to pass user credentials to an LDAP server. After you enable Kerberos authentication in a domain, Informatica clients use the Kerberos tickets created during the Windows authentication process to log in to the Informatica services running in the domain.
You can enable Kerberos authentication in a domain that runs on a Windows network. The network must use Microsoft Active Directory Domain Services (AD DS) as the Kerberos principal database.
To enable Kerberos authentication in an Informatica domain, perform the following steps:
- Prepare to enable Kerberos authentication.
  You must complete several tasks before you enable Kerberos authentication, including the following:
  - Create the Kerberos configuration file.
  - Create accounts for Kerberos principal users in Active Directory.
  - Generate the service principal name (SPN) and keytab formats.
  - Create the keytab files used to authenticate users and services in the network.
- Enable Kerberos authentication in the Informatica domain.
  You can enable Kerberos authentication in an Informatica domain when you install the Informatica services, or you can enable Kerberos authentication after you install the services. If you do not enable Kerberos authentication during installation, you can use the Informatica command line programs to configure the domain to use Kerberos authentication.
- Enable Kerberos authentication on Informatica nodes and client hosts.
  After you enable Kerberos in the domain, copy the Kerberos configuration file to each node in the domain and to each Informatica client host. You also configure web browsers to access the Informatica web applications.
- Enable Informatica users to use Kerberos authentication.
  After you enable Kerberos authentication, import Informatica users from Active Directory into an LDAP security domain that contains the Kerberos user accounts. You must also migrate the groups, roles, privileges, and permissions of the native user accounts to the user accounts in the LDAP security domain.
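
The keytab files created in the preparation step can be checked before the domain is switched to Kerberos. The following is an added example, not Informatica code: it assumes the keytab uses the common version 0x0502 binary layout, and the principal names, realm and keys in `SAMPLE` are constructed placeholders rather than the SPN format that Informatica generates.

```python
import struct

# Deprecated Kerberos enctypes (IANA numbers) that an audit should flag.
WEAK = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}

def _counted(buf, off):
    """Read a 16-bit length-prefixed string; return (text, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        if size <= 0:                 # empty or deleted slot: skip its bytes
            pos += 4 - size
            continue
        rec, pos = data[pos + 4:pos + 4 + size], pos + 4 + size
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        off, names = 2, []
        for _ in range(ncomp + 1):    # realm first, then the name components
            text, off = _counted(rec, off)
            names.append(text)
        kvno, enctype, keylen = struct.unpack_from(">BHH", rec, off + 8)  # skip name type, timestamp
        off += 13 + keylen
        if len(rec) - off >= 4:       # optional 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", rec, off)
        entries.append(("/".join(names[1:]) + "@" + names[0], kvno, enctype))
    return entries

def audit(entries, expected_spns):
    """Return (expected SPNs with no key, entries that use a weak enctype)."""
    missing = sorted(set(expected_spns) - {p for p, _, _ in entries})
    return missing, [(p, WEAK[e]) for p, _, e in entries if e in WEAK]

def build_entry(principal, kvno, enctype, key):
    """Build one keytab record; used only for the constructed sample below."""
    name, realm = principal.split("@")
    s = lambda t: struct.pack(">H", len(t)) + t.encode()
    body = (struct.pack(">H", name.count("/") + 1) + s(realm) + b"".join(map(s, name.split("/")))
            + struct.pack(">IIBHH", 1, 0, kvno, enctype, len(key)) + key + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

# Constructed sample: placeholder principals and all-zero keys, not real secrets.
SAMPLE = (b"\x05\x02" + build_entry("svc/node01.example.com@EXAMPLE.COM", 2, 18, bytes(32))
          + build_entry("HTTP/node01.example.com@EXAMPLE.COM", 1, 23, bytes(16)))
```

Calling `audit(parse_keytab(SAMPLE), expected)` with the list of SPNs you generated returns the SPNs that have no key in the file and the entries that still use DES or RC4.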