Kerberos is a network authentication protocol which uses tickets to authenticate access to services and nodes in a network. Kerberos uses a Key Distribution Center (KDC) to validate the identities of users and services and to grant tickets to authenticated user and service accounts. In the Kerberos protocol, users and services are known as principals. The KDC has a database of principals and their associated secret keys that are used as proof of identity. Kerberos can use an LDAP directory service as a principal database.
To use Kerberos authentication, you must install and run the Informatica domain on a network that uses Kerberos network authentication. Informatica can run on a network that uses Kerberos authentication with Microsoft Active Directory service as the principal database.
The Informatica domain requires keytab files to authenticate nodes and services in the domain without transmitting passwords over the network. The keytab files contain the service principal names (SPN) and associated encrypted keys. Create the keytab files before you create nodes and services in the Informatica domain.
You can also configure Kerberos authentication between the Administrator Daemon and the Administrator tool when the Informatica domain uses SSL certificates to secure the domain. You require the keytab files for the Administrator Daemon, Administrator tool, and the EDS Node.
Before you configure Kerberos authentication between the Administrator Daemon and the Administrator tool, perform the following tasks:
Set up the Kerberos configuration file.
Use the service principal and keytab file name format to generate the keytab files.