PowerCenter
- PowerCenter 10.4.0
- All Products
infasetup switchToKerberosMode -ad <administrator name> -srn <Kerberos realm names> -urn <Kerberos realm names> -spnSL <service principal level>
Option
| Argument
| Description
|
---|---|---|
-administratorName
-ad
| user_name
| User name for the domain administrator account that is created when you configure Kerberos authentication. Specify the name of an account that exists in Active Directory.
After you configure Kerberos authentication, this user is included in the
_infaInternalNamespace security domain that the command creates.
If the domain uses a single Kerberos realm to authenticate users, specify the samAccount name of the account you want to use as the administrator account.
If the domain uses Kerberos cross realm authentication, specify the fully qualified user principal name of the account you want to use as the administrator account, including the realm name. For example:
sysadmin@COMPANY.COM
|
-ServiceRealmName
-srn
| Kerberos_realm_name
| Name of the Kerberos realm that the domain uses to authenticate users. The realm name must be in uppercase and is case-sensitive.
To configure Kerberos cross realm authentication, specify the name of each Kerberos realm that the domain uses to authenticate users, separated by a comma. For example:
COMPANY.COM,EAST.COMPANY.COM,WEST.COMPANY.COM
Use an asterisk as a wildcard character before a realm name to include all realms that include the name. For example:
*EAST.COMPANY.COM
|
-UserRealmName
-urn
| Kerberos_realm_name
| Name of the Kerberos realm that the domain uses to authenticate users. The realm name must be in uppercase and is case-sensitive.
To configure Kerberos cross realm authentication, specify the name of each Kerberos realm that the domain uses to authenticate users, separated by a comma. For example:
COMPANY.COM,EAST.COMPANY.COM,WEST.COMPANY.COM
Use an asterisk as a wildcard character before a realm name to include all realms that include the name. For example:
*EAST.COMPANY.COM
|
-SPNShareLevel
-spnSL
| NODE|PROCESS
| Service principal level for the domain.
Set to NODE to enable Kerberos at the node level.
Set to PROCESS to enable Kerberos at the process level.
|
infasetup switchToKerberosMode -ad sysadmin -srn COMPANY.COM -urn COMPANY.COM –spnSL NODE
infasetup switchToKerberosMode -ad sysadmin@COMPANY.COM -srn COMPANY.COM,COMPANY.EAST.COM,COMPANY.WEST.COM -urn COMPANY.COM,COMPANY.EAST.COM,COMPANY.WEST.COM –spnSL NODE