Accounts Required at Process Level
Create the LDAP user accounts required to enable Kerberos authentication at the process level in Active Directory.
Create the following Kerberos principal accounts in Active Directory if you enable Kerberos at the process level:
- Node processes
- Create an account for each node that runs in the domain.
- HTTP processes
- Create an account for the Informatica web applications that run on a node in the domain. Web applications that run on a node might include Informatica Analyst and Catalog Administrator. Create a single account that is shared by all of the web applications that run on the node.
- Informatica Administrator service
- Create an account for the Administrator tool on each gateway node in the domain.
- Informatica application services
- Create an account for every Informatica application service that runs on each node in the domain.
- Bind User Distinguished Name (DN)
- Create an LDAP user account that you use to synchronize the LDAP security domain that contains Kerberos user accounts with Active Directory.