Installation for PowerCenter and Data Quality

Create the Service Principal Names and Keytab Files

After you generate the list of SPN and keytab file names in Informatica format, send a request to the Kerberos administrator to add the SPNs to the Kerberos principal database and create the keytab files.
Use the following guidelines when you create the SPN and keytab files:
The user principal name (UPN) must be the same as the SPN.
When you create a user account for the service principal, you must set the UPN with the same name as the SPN. The application services in the Informatica domain can act as a service or a client depending on the operation. You must configure the service principal to be identifiable by the same UPN and SPN.
A user account must be associated with only one SPN. Do not set multiple SPNs for one user account.
Enable delegation in Microsoft Active Directory.
You must enable delegation for all user accounts with service principals used in the Informatica domain. In the Microsoft Active Directory Service, set the "Trust this user for delegation to any service (Kerberos only)" option for each user account for which you set an SPN.
Delegated authentication happens when a user is authenticated with one service and that service uses the credentials of the authenticated user to connect to another service. Because services in the Informatica domain need to connect to other services to complete an operation, the Informatica domain requires the delegation option to be enabled in Microsoft Active Directory.
Use the ktpass utility to create the service principal keytab files.
Microsoft Active Directory supplies the ktpass utility to create keytab files. Informatica supports Kerberos authentication only on Microsoft Active Directory and has certified only keytab files that are created with ktpass.
The keytab files for a node must be available on the machine that hosts the node. By default, the keytab files are stored in the following directory: <Informatica installation directory>/isp/config/keys. During installation, you can specify a directory on the node to store the keytab files.
When you receive the keytab files from the Kerberos administrator, copy the keytab files to a directory that is accessible to the machine where you plan to install the Informatica services. When you run the Informatica installer, specify the location of the keytab files. The Informatica installer copies the keytab files to the directory for keytab files on the Informatica node.
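
A check for the account guidelines above, as an added example that is not part of the Informatica documentation: it reads an LDIF export of the service accounts and reports any account with more than one SPN, a UPN that differs from its SPN, or no delegation flag. The account names, realm and SPN values are constructed, and the script assumes unfolded plain-text LDIF values and that a UPN may carry an @REALM suffix that the SPN attribute lacks.

```python
import re

# userAccountControl bit behind "Trust this user for delegation to any service"
TRUSTED_FOR_DELEGATION = 0x80000

# Constructed LDIF export (hypothetical accounts, realm and SPN values).
SAMPLE_LDIF = """\
dn: CN=infa_node01,OU=Svc,DC=example,DC=com
sAMAccountName: infa_node01
userPrincipalName: isp/node01/InfaDomain/EXAMPLE.COM@EXAMPLE.COM
servicePrincipalName: isp/node01/InfaDomain/EXAMPLE.COM
userAccountControl: 590336

dn: CN=infa_http,OU=Svc,DC=example,DC=com
sAMAccountName: infa_http
userPrincipalName: infa_http@EXAMPLE.COM
servicePrincipalName: HTTP/host01.example.com
servicePrincipalName: HTTP/host01
userAccountControl: 66048
"""

def parse_ldif(text):
    """Return one dict per record, mapping attribute name to a list of values."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            name, sep, value = line.partition(": ")
            if sep:  # base64 ("::") and folded lines are not handled (assumption)
                rec.setdefault(name, []).append(value)
        records.append(rec)
    return records

def audit(rec):
    """Return the guideline violations for one account record."""
    problems = []
    spns = [s.lower() for s in rec.get("servicePrincipalName", [])]
    upn = rec.get("userPrincipalName", [""])[0].lower()
    upn_name = upn.rpartition("@")[0] or upn  # UPN without the @REALM suffix
    if len(spns) != 1:
        problems.append(f"expected exactly one SPN, found {len(spns)}")
    if upn not in spns and upn_name not in spns:
        problems.append("UPN does not match SPN")
    if not int(rec.get("userAccountControl", ["0"])[0]) & TRUSTED_FOR_DELEGATION:
        problems.append("delegation not enabled")
    return problems

def audit_ldif(text):
    """Map each sAMAccountName to its list of violations (empty list = compliant)."""
    return {r["sAMAccountName"][0]: audit(r) for r in parse_ldif(text)}

if __name__ == "__main__":
    for account, problems in audit_ldif(SAMPLE_LDIF).items():
        print(account, "OK" if not problems else "; ".join(problems))
```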