Table of Contents


  1. About the Security Guide
  2. Introduction to Informatica Security
  3. User Authentication
  4. LDAP Authentication
  5. Kerberos Authentication
  6. SAML Authentication for Informatica Web Applications
  7. Domain Security
  8. Security Management in Informatica Administrator
  9. Users and Groups
  10. Privileges and Roles
  11. Permissions
  12. Audit Reports
  13. Command Line Privileges and Permissions
  14. Custom Roles
  15. Default List of Cipher Suites

Kerberos Cross Realm Authentication

Kerberos Cross Realm Authentication

You can configure an Informatica domain to use Kerberos cross realm authentication. Kerberos cross realm authentication enables Informatica clients that belong to one Kerberos realm to authenticate with nodes and application services that belong to another Kerberos realm.
When you configure a domain to use Kerberos cross-realm authentication, you add properties for each Kerberos realm to the Kerberos configuration file. You also include the name of each realm when you run infasetup commands to enable Kerberos authentication in the domain and on domain nodes.
The Active Directory servers that the domain uses for Kerberos cross realm authentication must belong to the same Active Directory forest. An Active Directory forest is a group of Active Directory domains that share a common global catalog, directory schema, logical structure, and directory configuration. You connect to the global catalog to import users from the Active Directory servers into LDAP security domains.
To use Kerberos cross domain authentication, two-way trust must be enabled between the Active Directory servers in the forest.

Updated June 26, 2020