Security Guide

Working with Operating System Profiles in a Domain with Kerberos Authentication

You can use operating system profiles in an Informatica domain that runs on a network with Kerberos authentication.
Consider the following rules and guidelines when you use operating system profiles in a domain that runs on a network with Kerberos authentication:
  • The user account for the operating system profile must be a principal in the Active Directory service used for Kerberos authentication and imported into an LDAP security domain in the Informatica domain.
  • The user account must have a Kerberos credentials cache file that is accessible to the operating system profile user account. Each operating system profile user account must have a separate credentials cache file.
  • The credentials cache file for the operating system profile user account must be forwardable. For example, if you use the kinit utility to create the credentials cache file, you must include the -f option.
  • The credentials cache file for the operating system profile user account must be available when you run a workflow that uses an operating system profile.
  • The credentials cache file for the operating system profile user account must always have the latest credentials. You can run a job scheduler utility, such as cron, to regularly update the user credentials in the credentials cache file.
  • You must set the following environment variables for the operating system profile:
    INFA_OSPI_SECURITY_DOMAIN
    Set the value to the name of the security domain that contains the user account for the operating system profile. If the user account is in the user realm security domain for Kerberos, you do not need to set this variable. The user realm security domain for Kerberos is the security domain that is created during installation and has the same name as the Kerberos user realm.
    KRB5_CONFIG
    Set the value to the path and file name of the Kerberos configuration file. The name of the Kerberos configuration file is krb5.conf.
    KRB5CCNAME
    Set the value to the path and file name of the Kerberos credentials cache file for the operating system profile user account.
    You can set the environment variables for the operating system profile in the Administrator tool. To set the environment variables for the operating system profile, click Security > Operating System Profiles. Edit the properties of the operating system profile and set the environment variables.
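
The following script is an added example, not part of the Informatica guide or product. It checks the rules above for one operating system profile user account, assuming MIT Kerberos klist and GNU stat; the function names, sample principal, and paths are constructed, and the owner-only mode test is an extra hardening check that the guide does not require.

```shell
#!/bin/sh
# Added example, not Informatica code: pre-flight checks for the Kerberos
# credentials cache of an operating system profile user account.

# Succeeds if `klist -f` output on stdin shows a forwardable TGT.
# MIT klist prints "Flags: ..." under each ticket; "F" means forwardable.
tgt_is_forwardable() {
  awk '
    /krbtgt\// { in_tgt = 1; next }
    in_tgt && /Flags:/ { sub(/.*Flags:[ \t]*/, "")
                         if (index($0, "F")) ok = 1
                         in_tgt = 0 }
    END { exit !ok }'
}

# Succeeds if the cache file is readable and closed to group and other.
# The mode test is an added hardening check, not a rule from the guide.
cache_is_private() {
  f="${1#FILE:}"
  [ -f "$f" ] && [ -r "$f" ] || return 1
  mode=$(stat -c '%a' "$f") || return 1   # GNU stat syntax
  [ $(( 0$mode & 077 )) -eq 0 ]
}

# Reads "profile cache_path" lines on stdin and prints every cache path
# used by more than one profile (each account needs its own cache file).
shared_caches() {
  awk '{ n[$2]++ } END { for (c in n) if (n[c] > 1) print c }'
}

# Runs all checks against the current environment; needs klist on PATH.
preflight() {
  [ -n "$KRB5_CONFIG" ] && [ -f "$KRB5_CONFIG" ] || { echo "KRB5_CONFIG missing"; return 1; }
  [ -n "$KRB5CCNAME" ] || { echo "KRB5CCNAME not set"; return 1; }
  cache_is_private "$KRB5CCNAME" || { echo "cache missing or too open"; return 1; }
  klist -s || { echo "no valid tickets, refresh the cache"; return 1; }
  klist -f | tgt_is_forwardable || { echo "TGT not forwardable, rerun kinit -f"; return 1; }
}

# Constructed sample of `klist -f` output, for an offline demonstration.
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_osp_demo
Default principal: ospuser@EXAMPLE.COM

Valid starting     Expires            Service principal
05/17/19 09:00:00  05/17/19 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    renew until 05/24/19 09:00:00, Flags: FRIA'

printf '%s\n' "$SAMPLE_KLIST" | tgt_is_forwardable && echo "sample TGT is forwardable"
```

Run `preflight` as the operating system profile user with the same KRB5_CONFIG and KRB5CCNAME values that are set on the profile, for example from the cron job that refreshes the cache.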

Updated May 17, 2019

