After you configure the security level, you can configure Kerberos authentication.
The
Network Security - Kerberos Authentication
section appears when you configure the security level for Kerberos network authentication.
Enter the parameters required for Kerberos authentication.
Domain Name
. Name of the domain. The name must not exceed 128 characters and must be 7-bit ASCII only. The name can't contain a space or any of the following characters:
` % * + ; " ? , < > \ /
Node Name
. Name of the CDI-PC node.
Node Host Name
. Fully qualified host name or the IP address of the machine on which to create the node. The node host name cannot contain the underscore (_) character.
Do not use localhost. The host name must explicitly identify the machine.
Service Realm Name
. Name of the Kerberos realm to which the
CDI-PC domain
services belong. The realm name must be in uppercase. The service realm name and the user realm name must be the same.
User Realm Name
. Name of the Kerberos realm to which the
CDI-PC domain
users belong. The realm name must be in uppercase. The service realm name and the user realm name must be the same.
Keytab Directory
. Directory where all keytab files for the
CDI-PC domain
are stored. The name of a keytab file in the
CDI-PC domain
must follow a format set by CDI-PC.
Fully Qualified Path to the Kerberos Configuration File
. Path and file name of the Kerberos configuration file. CDI-PC requires the following name for the Kerberos configuration file:
krb5.conf
If you configure the domain to run with Kerberos authentication, the domain and node name and the node host name must match the names you specified when you ran the CDI-PC Kerberos SPN Format Generator to generate SPN and keytab file names. If you use a different domain, node, or host name, generate the SPN and keytab file names again and ask the Kerberos administrator to add the new SPN to the Kerberos principal database and create the keytab files.
ASK INFAPreview
