Table of Contents

Search

  1. Preface
  2. Part 1: Installation Getting Started
  3. Part 2: Before You Install the Services
  4. Part 3: Run the Services Installer
  5. Part 4: After You Install the Services
  6. Part 5: Informatica Client Installation
  7. Part 6: Uninstallation
  8. Appendix A: Starting and Stopping Informatica Services
  9. Appendix B: Connecting to Databases from UNIX or Linux
  10. Appendix C: Connecting to Databases from Windows
  11. Appendix D: Updating the DynamicSections Parameter of a DB2 Database

Installation for PowerCenter and Data Quality

Installation for PowerCenter and Data Quality

Set Up the Kerberos Configuration File

Set Up the Kerberos Configuration File

Kerberos stores configuration information in a file named
krb5.conf
. Informatica requires specific properties set in the Kerberos configuration file so that the Informatica domain can use Kerberos authentication correctly. You must set the properties in the krb5.conf configuration file.
The configuration file contains the information about the Kerberos server, including the Kerberos realm and the address of the KDC. You can request the Kerberos administrator to set the properties in the configuration file and send you a copy of the file.
  1. Back up the krb5.conf file before you make any changes.
  2. Edit the krb5.conf file.
  3. In the
    libdefaults
    section, set or add the properties required by Informatica.
    The following table lists the values to which you must set properties In the libdefaults section:
    Parameter
    Value
    default_realm
    Name of the service realm for the Informatica domain.
    forwardable
    Allows a service to delegate client user credentials to another service. Set this parameter to True. The Informatica domain requires application services to authenticate the client user credentials with other services.
    default_tkt_enctypes
    Encryption types for the session key in ticket-granting tickets (TGT). Set this parameter only if session keys must use specific encryption types.
    udp_preference_limit
    Determines the protocol that Kerberos uses when it sends a message to the KDC. Set udp_preference_limit = 1 to always use TCP. The Informatica domain supports only the TCP protocol. If the udp_preference_limit is set to any other value, the Informatica domain can shut down unexpectedly.
  4. In the
    realms
    section, include the port number in the address of the KDC separated by a colon.
    For example, if the KDC address is kerberos.example.com and the port number is 88, set the
    kdc
    parameter to the following:
    kdc = kerberos.example.com:88
  5. Save the krb5.conf file.
  6. Store the krb5.conf file in a directory that is accessible to the machine where you plan to install the Informatica services.
The following example shows the content of a krb5.conf with the required properties:
[libdefaults] default_realm = AFNIKRB.AFNIDEV.COM forwardable = true udp_preference_limit = 1 [realms] AFNIKRB.AFNIDEV.COM = { admin_server = SMPLKERDC01.AFNIKRB.AFNIDEV.COM kdc = SMPLKERDC01.AFNIKRB.AFNIDEV.COM:88 } [domain_realm] afnikrb.afnidev.com = AFNIKRB.AFNIDEV.COM .afnikrb.afnidev.com = AFNIKRB.AFNIDEV.COM
For more information about the Kerberos configuration file, see the Kerberos network authentication documentation.