Table of Contents

Search

  1. Preface
  2. Installation and Configuration
  3. Pre-Installation Tasks
  4. Installation
  5. Post-Installation Tasks
  6. Uninstallation
  7. Troubleshooting the Installation
  8. Configuring Extended JVM Parameters

Installation and Configuration Guide

Installation and Configuration Guide

Set Up the Kerberos Configuration File

Set Up the Kerberos Configuration File

Kerberos stores configuration information in a file named
krb5.conf
. Informatica requires specific properties set in the Kerberos configuration file so that the Informatica domain can use Kerberos authentication correctly. You must set the properties in the krb5.conf configuration file.
The configuration file contains the information about the Kerberos server, including the Kerberos realm and the address of the KDC. You can request the Kerberos administrator to set the properties in the configuration file and send you a copy of the file.
  1. Back up the krb5.conf file before you make any changes.
  2. Edit the krb5.conf file.
  3. In the
    libdefaults
    section, set or add the properties required by Informatica.
    The following table lists the values to which you must set properties In the libdefaults section:
    Parameter
    Value
    default_realm
    Name of the service realm for the Informatica domain.
    forwardable
    Allows a service to delegate client user credentials to another service. Set this parameter to True. The Informatica domain requires application services to authenticate the client user credentials with other services.
    default_tkt_enctypes
    Encryption types for the session key in ticket-granting tickets (TGT). Set this parameter only if session keys must use specific encryption types.
    udp_preference_limit
    Determines the protocol that Kerberos uses when it sends a message to the KDC. Set udp_preference_limit = 1 to always use TCP. The Informatica domain supports only the TCP protocol. If the udp_preference_limit is set to any other value, the Informatica domain can shut down unexpectedly.
  4. In the
    realms
    section, include the port number in the address of the KDC separated by a colon.
    For example, if the KDC address is kerberos.example.com and the port number is 88, set the
    kdc
    parameter to the following:
    kdc = kerberos.example.com:88
  5. Save the krb5.conf file.
  6. Store the krb5.conf file in a directory that is accessible to the machine where you plan to install the Administrator Daemon and Administrator tool.
The following example shows the content of a krb5.conf with the required properties:
[libdefaults] default_realm = AFNIKRB.AFNIDEV.COM forwardable = true udp_preference_limit = 1 [realms] AFNIKRB.AFNIDEV.COM = { admin_server = SMPLKERDC01.AFNIKRB.AFNIDEV.COM kdc = SMPLKERDC01.AFNIKRB.AFNIDEV.COM:88 } [domain_realm] afnikrb.afnidev.com = AFNIKRB.AFNIDEV.COM .afnikrb.afnidev.com = AFNIKRB.AFNIDEV.COM
For more information about the Kerberos configuration file, see the Kerberos network authentication documentation.