Table of Contents

Search

  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Security Domains
  5. Kerberos Authentication
  6. Domain Security
  7. SAML Authentication for Informatica Web Applications
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Step 2. Update the Nodes in the Domain

Step 2. Update the Nodes in the Domain

Update all gateway and worker nodes with the Kerberos authentication server information except the gateway nodes on which you ran the infasetup switchToKerberosMode command.
Use the following commands to update the gateway and worker nodes:
infasetup UpdateGatewayNode
Use the UpdateGatewayNode command to set the Kerberos authentication parameters on a gateway node in the domain. If the domain has multiple gateway nodes, run the UpdateGatewayNode command on each gateway node.
infasetup UpdateWorkerNode
Use the UpdateWorkerNode command to set the Kerberos authentication parameters on a worker node in the domain. If the domain has multiple worker nodes, run the UpdateWorkerNode command on each worker node.
  1. At the command prompt on a node, switch to the directory where the infasetup executable is located:
    <Informatica installation directory>\isp\bin
  2. To set the Kerberos authentication parameters on a gateway node, run the following command:
    infasetup UpdateGatewayNode -krb <true|false> -srn <Kerberos realm name> -urn <Kerberos realm name>
    To set the Kerberos authentication parameters on a worker node, run the following command:
    infasetup UpdateWorkerNode -krb <true|false> -srn <Kerberos realm name> -urn <Kerberos realm name>
    The following table describes the options and arguments required to enable Kerberos authentication on a node:
    Option
    Argument
    Description
    -EnableKerberos
    -krb
    true|false
    Configures the Informatica domain to use Kerberos authentication.
    Set to true to enable Kerberos authentication. Default is false.
    -ServiceRealmName
    -srn
    Kerberos_realm_name
    Name of the Kerberos realm specified in the Kerberos configuration file. The realm name must be in uppercase and is case-sensitive.
    The service realm name and the user realm name must be the same.
    -UserRealmName
    -urn
    Kerberos_realm_name
    Name of the Kerberos realm specified in the Kerberos configuration file.
    The service realm name and the user realm name must be the same.
    The following example updates a worker node to use Kerberos authentication:
    infasetup updateWorkerNode -krb true -srn EXAMPLE.COM -urn EXAMPLE.COM


Updated April 29, 2019