Working with Operating System Profiles in a Domain with Kerberos Authentication
Working with Operating System Profiles in a Domain with Kerberos Authentication
You can use operating system profiles in an Informatica domain that runs on a network with Kerberos authentication.
Consider the following rules and guidelines when you use operating system profiles in a domain that runs on a network with Kerberos authentication:
The user account for the operating system profile must be a principal in the Active Directory service used for Kerberos authentication and imported into an LDAP security domain in the Informatica domain.
The user account must have a Kerberos credentials cache file that is accessible to the operating system profile user account. Each operating system profile user account must have a separate credentials cache file.
The credentials cache file for the operating system profile user account must be forwardable. For example, if you use the
kinit
utility to create the credentials cache file, you must include the
-f
option.
The credentials cache file for the operating system profile user account must be available when you run a workflow that uses an operating system profile.
The credentials cache file for the operating system profile user account must always have the latest credentials. You can run a job scheduler utility, such as
cron
, to regularly update the user credentials in the credentials cache file.
You must set the following environment variables for the operating system profile:
INFA_OSPI_SECURITY_DOMAIN
Set the value to the name of the security domain that contains the user account for the operating system profile. If the user account is in the user realm security domain for Kerberos, you do not need to set this variable. The user realm security domain for Kerberos is the security domain created during installation which has the same name as the Kerberos user realm.
KRB5_CONFIG
Set the value to the path and file name of the Kerberos configuration file. The name of the Kerberos configuration file is
krb5.conf
.
KRB5CCNAME
Set the value to the path and file name of the Kerberos credentials cache file for the operating system profile user account.
You can set the environment variables for the operating system profile in the Administrator tool. To set the environment variables for the operating system profile, click
Security
Operating System Profiles
. Edit the properties of the operating system profile and set the environment variables.