Security Guide

Working with Operating System Profiles in a Domain with Kerberos Authentication

You can use operating system profiles in an Informatica domain that runs on a network with Kerberos authentication.
Consider the following rules and guidelines when you use operating system profiles in a domain that runs on a network with Kerberos authentication:
  • The user account for the operating system profile must be a principal in the Active Directory service used for Kerberos authentication and imported into an LDAP security domain in the Informatica domain.
  • The user account must have a Kerberos credentials cache file that is accessible to the operating system profile user account. Each operating system profile user account must have a separate credentials cache file.
  • The credentials cache file for the operating system profile user account must be forwardable. For example, if you use the kinit utility to create the credentials cache file, you must include the -f option.
  • The credentials cache file for the operating system profile user account must be available when you run a workflow that uses an operating system profile.
  • The credentials cache file for the operating system profile user account must always have the latest credentials. You can run a job scheduler utility, such as cron, to regularly update the user credentials in the credentials cache file.
  • You must set the following environment variables for the operating system profile:
    INFA_OSPI_SECURITY_DOMAIN
    Set the value to the name of the security domain that contains the user account for the operating system profile. If the user account is in the user realm security domain for Kerberos, you do not need to set this variable. The user realm security domain for Kerberos is the security domain created during installation which has the same name as the Kerberos user realm.
    KRB5_CONFIG
    Set the value to the path and file name of the Kerberos configuration file. The name of the Kerberos configuration file is krb5.conf.
    KRB5CCNAME
    Set the value to the path and file name of the Kerberos credentials cache file for the operating system profile user account.
    You can set the environment variables for the operating system profile in the Administrator tool. To set the environment variables for the operating system profile, click Security > Operating System Profiles. Edit the properties of the operating system profile and set the environment variables.
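
The following script is an added example, not Informatica code, showing one way to meet the credentials cache guidelines above: a cron-driven refresh that requests a forwardable ticket with kinit -f into the per-account cache named by KRB5CCNAME, then verifies the F flag and owner-only file permissions. It assumes MIT Kerberos kinit and klist and a keytab for the profile account; the principal, paths, function names and the sample klist output are constructed.

```bash
#!/usr/bin/env bash
# Added example, not Informatica code. Assumes MIT Kerberos kinit/klist and a
# keytab for the profile account; all names and paths below are constructed.
set -u

# Constructed sample of `klist -f` output for a forwardable TGT.
SAMPLE_KLIST='Ticket cache: FILE:/home/osp_user/krb5cc_osp_user
Default principal: osp_user@EXAMPLE.COM

Valid starting       Expires              Service principal
01/01/2024 10:00:00  01/01/2024 20:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
	renew until 01/08/2024 10:00:00, Flags: FRIA'

# Read `klist -f` output on stdin; succeed only if the line following the
# krbtgt entry lists the F (forwardable) flag.
tgt_is_forwardable() {
    awk '
        /krbtgt\// { tgt = 1; next }
        tgt { if ($0 ~ /Flags:[ \t]*[A-Za-z]*F/) ok = 1; tgt = 0 }
        END { exit (ok ? 0 : 1) }
    '
}

# Succeed only if the cache is a regular file with owner-only rw (mode 600),
# so one profile account cannot read another account's cache.
ccache_is_private() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -rw-------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Args: principal, keytab, cache file. KRB5CCNAME selects the per-account cache.
refresh_ccache() {
    KRB5CCNAME="$3" kinit -f -k -t "$2" "$1" &&
        KRB5CCNAME="$3" klist -f | tgt_is_forwardable &&
        ccache_is_private "$3"
}

# cron entry (constructed), run as the profile account:
#   0 * * * * /opt/scripts/refresh_osp_ccache.sh --refresh osp_user@EXAMPLE.COM /home/osp_user/osp_user.keytab /home/osp_user/krb5cc_osp_user
if [ "${1:-}" = "--refresh" ]; then
    refresh_ccache "$2" "$3" "$4" || { echo "ccache refresh failed: $2" >&2; exit 1; }
fi
```

A non-zero exit from the cron job means the cache is stale, not forwardable, or readable by other accounts, so alert on it before workflows that use the profile start to fail.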
