Setting Up Kerberos Authentication in the Information Self-Service Tool
The Information Self-Service Tool provides support to authenticate its clients using the Kerberos authentication protocol.
If you are not going to use the Information Self-Service Tool, go to the next postinstallation action.
Once you have set up the Virtual DataPort server to use Kerberos, it is important to distinguish these two scenarios:
- The Information Self-Service Tool and the Virtual DataPort Server are in the Same Machine
- The Information Self-Service Tool and the Virtual DataPort Server are in Different Machines
The Information Self-Service Tool and the Virtual DataPort Server are in the Same Machine
If the Information Self-Service Tool runs on the same host as the Virtual DataPort server, it has to use the same keytab file and the same Service Principal Name as the Virtual DataPort server. That way, you do not have to do anything extra and the Server will be easier to manage.
The Information Self-Service Tool and the Virtual DataPort Server are in Different Machines
In this scenario, you will have to perform the same postinstallation tasks you did to enable Kerberos on Virtual DataPort:
- In the Active Directory, create a user of type “User”.
- Declare a Service Principal Name (SPN) and associate it with this new user.
- Generate a keytab file for this SPN.
- Copy the keytab file to the host where the Information Self-Service Tool runs.
- If necessary, install the “Unlimited Strength Policy Files” for the Java Cryptography Extension (JCE). This section explains when that is necessary.
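The first four steps, as an added example that is not part of the original documentation. It is run from an administrative PowerShell session with the Active Directory module and the `setspn` and `ktpass` tools available. The realm, host name, account names and paths are constructed placeholders, and the `HTTP` service class and AES256 encryption type are assumptions.

```powershell
# Constructed placeholders: replace every value with your own.
$Realm      = 'EXAMPLE.COM'                  # Kerberos realm (AD domain, upper case)
$SvcHost    = 'selfservice.example.com'      # FQDN clients use to reach the tool
$Account    = 'svc-selfservice'              # dedicated AD user that owns the SPN
$RunAs      = 'EXAMPLE\selfservice-run'      # OS account the tool runs as (assumption)
$Spn        = "HTTP/$SvcHost"                # assumption: HTTP service class
$KeytabPath = 'C:\keytabs\selfservice.keytab'

Import-Module ActiveDirectory

# Step 1: create the user. The password is prompted for, never stored in the script.
$Password = Read-Host -AsSecureString "Password for $Account"
New-ADUser -Name $Account -SamAccountName $Account `
    -UserPrincipalName "$Account@$($Realm.ToLower())" `
    -AccountPassword $Password -Enabled $true `
    -PasswordNeverExpires $true -CannotChangePassword $true

# Allow AES256 service tickets for this account so they match the keytab key below.
Set-ADUser -Identity $Account -KerberosEncryptionType AES256

# Step 2: register the SPN. -S refuses to add it if another account already
# holds the same SPN, which would otherwise break ticket requests.
setspn -S $Spn $Account
setspn -L $Account        # check: the SPN is listed under this account only

# Step 3: generate the keytab. "/pass *" prompts for the password.
# AES-256 keys are the usual reason step 5 (JCE policy files) applies
# on older Java runtimes.
ktpass /princ "$Spn@$Realm" /mapuser "$Account@$Realm" `
    /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /pass * /out $KeytabPath

# Step 4: the keytab contains the account's long-term key, so anyone who can
# read it can act as the service. Drop inherited permissions and grant read
# access only to the account that runs the tool, then copy it over a trusted
# channel and apply the same restriction on the destination host.
icacls $KeytabPath /inheritance:r /grant:r "${RunAs}:(R)"
```

If the account's password is changed later, the keytab no longer matches and has to be regenerated and copied again.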
After performing these steps, you have to configure the Information Self-Service Tool to use Kerberos authentication. The section Kerberos Configuration of the Information Self-Service Tool Guide explains how to do this.