How to Connect to a Microsoft SQL Server Database that Uses Kerberos Authentication in Informatica 10.x

Step 1. Update the System Configuration Files

Configure the services and hosts files on the machine where the PowerCenter Integration Service runs.
  1. Work with your system administrator to get the krb5.conf file, which is the Kerberos configuration file.
    The following example shows the content of the Kerberos configuration file named krb5.conf with the required properties:
    [libdefaults]
      default_realm = AFNIKRB.AFNIDEV.COM
      forwardable = true
      default_tkt_enctypes = rc4-hmac
      udp_preference_limit = 1
    [realms]
      AFNIKRB.AFNIDEV.COM = {
        admin_server = SMPLKERDC01.AFNIKRB.AFNIDEV.COM
        kdc = SMPLKERDC01.AFNIKRB.AFNIDEV.COM:88
      }
    [domain_realm]
      afnikrb.afnidev.com = AFNIKRB.AFNIDEV.COM
      .afnikrb.afnidev.com = AFNIKRB.AFNIDEV.COM
  2. To configure the Informatica domain to run with Kerberos authentication, perform one of the following steps:
    • Copy the krb5.conf configuration file to the following Informatica directory:
      <INFA_HOME>/services/shared/security
      If the domain has multiple nodes, copy the krb5.conf file to the same directory on all the nodes in the domain.
    • Set the KRB5_CONFIG environment variable to store the complete path and file name of the Kerberos configuration file, krb5.conf.
      For example, set the environment variable as follows:
      KRB5_CONFIG=<INFA_HOME>/services/shared/security/krb5.conf
      You must set the KRB5_CONFIG environment variable on each machine that runs the PowerCenter Integration Service.
    For more information about the Kerberos configuration file, see the Kerberos network authentication documentation.
  3. Work with your system administrator to edit the hosts file on the machine where the PowerCenter Integration Service runs based on the sample syntax:
    <IP address of the machine where the Microsoft SQL Server database runs> <fully qualified domain name of the machine where the Microsoft SQL Server database runs> <alias of machine where the Microsoft SQL Server database runs>
    <IP address of the machine where the Microsoft Active Directory Key Distribution Center runs> <fully qualified domain name of the machine where the Microsoft Active Directory KDC runs> <alias of machine where the Microsoft Active Directory KDC runs>
    For example, the system admin can enter the first line of the syntax as follows:
    10.65.143.123 myMSSQLdb.afnikrb.afnidev.com myMSSQLdb
    The system admin can enter the second line of the syntax as follows:
    10.65.143.111 SMPLKERDC01.AFNIKRB.AFNIDEV.COM myKDC
    On UNIX machines, the hosts file is present in the following path:
    /etc/hosts
    On Windows machines, the hosts file is present in the following path:
    C:\Windows\System32\drivers\etc
  4. Work with your system administrator to ensure that the etc/services file contains an entry for the Kerberos service.
    On UNIX machines, the services file is present in the following path:
    /etc/services
    On Windows machines, the services file is present in the following path:
    C:\Windows\System32\drivers\etc
    For example, the etc/services file contains the Kerberos service entries as follows:
    kerberos 88/tcp krb5 kerberos-sec #Kerberos
    kerberos 88/udp krb5 kerberos-sec #Kerberos
    where kerberos is the service name and 88/tcp or 88/udp is the port and protocol. The Kerberos service can run on either the TCP or the UDP protocol.
  5. At the command prompt, enter the kdestroy command to clean up the credential cache:
    kdestroy
  6. Initialize the Kerberos ticket for the Active Directory user who is also a valid user in the Microsoft SQL Server database with the following command:
    kinit <AD_user>
  7. Enter the klist command to view all the entries present in the credential cache.
    The command displays the default principal, the ticket cache, and the ticket validity details.
Alternatively, if the Microsoft SQL Server database uses SSL encryption, install the server SSL certificate using the Microsoft Management Console (MMC). For more information, see step 1 in the following Informatica How-to Library article: How to Configure a Secure Connection to Microsoft SQL Server.
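
A pre-flight check for steps 1 to 4, as an added example that is not part of the original Informatica article: it parses krb5.conf and confirms that the default realm's KDC host is listed in the hosts file and that the services file has a usable Kerberos port 88 entry before you run kinit. The function names are hypothetical, the sample values are the ones shown on this page, and the finding about rc4-hmac (deprecated for Kerberos by RFC 8429) is an addition here, not an Informatica requirement.

```python
# Sample inputs taken from the examples on this page (krb5.conf abridged).
KRB5 = """[libdefaults]
default_realm = AFNIKRB.AFNIDEV.COM
default_tkt_enctypes = rc4-hmac
udp_preference_limit = 1
[realms]
AFNIKRB.AFNIDEV.COM = {
  kdc = SMPLKERDC01.AFNIKRB.AFNIDEV.COM:88
}"""
HOSTS = "10.65.143.111 SMPLKERDC01.AFNIKRB.AFNIDEV.COM myKDC"
SERVICES = "kerberos 88/tcp krb5 kerberos-sec\nkerberos 88/udp krb5 kerberos-sec"

def parse_krb5(text):
    """Parse krb5.conf into {section: {key: [values] or nested dict}}."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        key, _, value = (p.strip() for p in line.partition("="))
        if line.startswith("["):
            section, block = conf.setdefault(line.strip("[]"), {}), None
        elif section is not None and (line == "}" or value == "{"):
            block = section.setdefault(key, {}) if value == "{" else None
        elif section is not None and value:
            (section if block is None else block).setdefault(key, []).append(value)
    return conf

def preflight(krb5_text, hosts_text, services_text):
    """Return a list of findings; an empty list means the files agree."""
    conf, findings = parse_krb5(krb5_text), []
    lib = conf.get("libdefaults", {})
    realm = lib.get("default_realm", [""])[0]
    kdcs = conf.get("realms", {}).get(realm, {}).get("kdc", [])
    if not kdcs:
        findings.append(f"no kdc configured for default_realm {realm!r}")
    # Names after the IP on each hosts line; host names are case-insensitive.
    known = {n.lower() for l in hosts_text.splitlines() for n in l.split("#")[0].split()[1:]}
    for host in (k.rsplit(":", 1)[0] for k in kdcs):
        if host.lower() not in known:
            findings.append(f"KDC {host} missing from hosts file")
    ports = {f[1] for f in map(str.split, services_text.splitlines()) if f[:1] == ["kerberos"] and len(f) > 1}
    # udp_preference_limit = 1 makes MIT Kerberos clients try TCP first for every request.
    tcp_only = lib.get("udp_preference_limit") == ["1"]
    if "88/tcp" not in ports and (tcp_only or "88/udp" not in ports):
        findings.append("services file has no usable kerberos port 88 entry")
    # RC4 enctypes are deprecated for Kerberos (RFC 8429).
    encs = " ".join(lib.get("default_tkt_enctypes", [])).split()
    return findings + [f"deprecated enctype {e}" for e in encs if e.lower().startswith(("rc4", "arcfour"))]

if __name__ == "__main__":
    print("\n".join(preflight(KRB5, HOSTS, SERVICES)) or "no findings")
```

To check a real machine, pass the contents of krb5.conf, the hosts file and the services file to preflight() in place of the sample strings.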