Hi, I'm Ask INFA!
What would you like to know?
ASK INFAPreview
Please to access Ask INFA.
Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Cloud Data Integration for PowerCenter
  • All Products

Table of Contents

Search

  1. Preface
  2. Getting started
  3. Before you begin
  4. Installing Secure Agents
  5. Create a CDI-PC domain
  6. Join a CDI-PC domain
  7. Run the silent installer
  8. Resuming an installation
  9. Before you migrate the Informatica domain
  10. Migrate the domain
  11. Migrate the domain with changes to node configuration
  12. Migrate the domain in silent mode
  13. After you migrate the domain
  14. Install the CDI-PC Client
  15. EBF installation
  16. Uninstall Cloud Data Integration for PowerCenter (CDI-PC)
  17. Uninstalling the CDI-PC Client
  18. Uninstalling the Secure Agent
  19. Appendix A: CDI-PC components

Installation Guide for Informatica Data Quality (Modernization)

Installation Guide for Informatica Data Quality (Modernization)

Back Next

Create the service principal names and keytab files

Create the service principal names and keytab files

After you generate the list of SPN and keytab file names in
CDI-PC
 format, send a request to the Kerberos administrator to add the SPNs to the Kerberos principal database and create the keytab files. Enable 256-bit encryption for each user account that you use to generate the keytab files.
Use the following guidelines when you create the SPN and keytab files:
The user principal name (UPN) must be the same as the SPN.
When you create a user account for the service principal, you must set the UPN with the same name as the SPN. The application services in the
CDI-PC domain
 can act as a service or a client depending on the operation. You must configure the service principal to be identifiable by the same UPN and SPN.
A user account must be associated with only one SPN. Do not set multiple SPNs for one user account.
Enable delegation in Microsoft Active Directory.
You must enable delegation for all user accounts with service principals used in the
CDI-PC domain
. In the Microsoft Active Directory Service, set the
Trust this user for delegation to any service (Kerberos only)
 option for each user account that you set an SPN.
Delegated authentication happens when a user is authenticated with one service and that service uses the credentials of the authenticated user to connect to another service. Because services in the
CDI-PC domain
 need to connect to other services to complete an operation, the
CDI-PC domain
 requires the delegation option to be enabled in Microsoft Active Directory.
Use the ktpass utility to create the service principal keytab files.
Microsoft Active Directory supplies the ktpass utility to create keytab files.
CDI-PC
 supports Kerberos authentication only on Microsoft Active Directory and has certified only keytab files that are created with ktpass.
The keytab files for a node must be available on the machine that hosts the node. By default, the keytab files are stored in the following directory:
<CDI-PC installation directory>/isp/config/keys
. During installation, you can specify a directory on the node to store the keytab files.
When you receive the keytab files from the Kerberos administrator, copy the keytab files to a directory that is accessible to the machine where you plan to install the
CDI-PC
 services. When you run the
CDI-PC
 installer, specify the location of the keytab files. The
CDI-PC
 installer copies the keytab files to the directory for keytab files on the CDI-PC node.
0 COMMENTS
We’d like to hear from you!