User authentication in
EDS depends on the type of authentication that is configured for the Informatica domain.
When you install
, the installer detects the type of authentication that is configured for the Informatica domain and uses the same authentication for
. The Informatica domain can use the following types of authentication:
- Native user authentication
- Lightweight Directory Access Protocol (LDAP) user authentication
- Kerberos network authentication
Native user accounts are stored in the Informatica domain and can only be used within the Informatica domain. Kerberos and LDAP user accounts are stored in an LDAP directory service and are shared by applications within the enterprise.
If you enable Kerberos authentication during installation, you must configure the Informatica domain to work with the Kerberos key distribution center (KDC). You must create the service principal names (SPN) required by the Informatica domain in the Kerberos principal database. The Kerberos principal database can be an LDAP directory service. You must also create keytab files for the SPNs and store it in the Informatica directory as required by the Informatica domain.
If you do not enable Kerberos authentication during installation, the installer configures the Informatica domain to use native authentication. After installation, you can set up a connection to an LDAP server and configure the Informatica domain to use LDAP authentication in addition to native authentication.
You can use native authentication and LDAP authentication together in
EDS authenticates the users based on the security domain. If a user belongs to the native security domain, the Service Manager authenticates the user in the secure data storage. If the user belongs to an LDAP security domain, the Service Manager passes the user name and password to the LDAP server for authentication.
You cannot use native authentication with Kerberos authentication. If the Informatica domain uses Kerberos authentication, all user accounts must be in LDAP security domains. The Kerberos server authenticates a user account when the user logs in to the network. The Informatica client applications use the credentials from the network login to authenticate users in the Informatica domain. When you install EDS, the EDS installer detects that the Informatica domain uses Kerberos authentication and prompts you to provide the path to where EDS specific keytab files are created and stored.