You can configure EDS to use Kerberos network authentication if the Informatica domain uses Kerberos network authentication to authenticate users and services on a network. You can also configure Kerberos authentication between the Administrator Daemon and the Administrator tool when the Informatica domain uses SSL certificates to secure the domain. In this scenario, the Informatica domain need not use Kerberos network authentication.
Kerberos is a network authentication protocol which uses tickets to authenticate access to services and nodes in a network. Kerberos uses a Key Distribution Center (KDC) to validate the identities of users and services and to grant tickets to authenticated user and service accounts. In the Kerberos protocol, users and services are known as principals. The KDC has a database of principals and their associated secret keys that are used as proof of identity. Kerberos can use an LDAP directory service as a principal database.
Informatica can run on a network that uses Kerberos authentication with Microsoft Active Directory service as the principal database.
The Informatica domain requires keytab files to authenticate nodes and services in the domain without transmitting passwords over the network. The keytab files contain the service principal names (SPN) and associated encrypted keys. Create the keytab files before you create nodes and services in the Informatica domain.
For more information about preparing for a Kerberos authentication setup, see the
Informatica Edge Data Streaming Installation and Configuration Guide.