Setting Up Kerberos Authentication in Scheduler

Scheduler provides support to authenticate its clients using the Kerberos authentication protocol.

If you are not going to use the Scheduler, go to the next post-installation action.

Once you set up the Virtual DataPort server to use Kerberos, it is important to distinguish these two scenarios:

  1. Scheduler and Virtual DataPort Are in the Same Machine (most common scenario).

  2. Scheduler and Virtual DataPort Are in Different Machines.

Scheduler and Virtual DataPort Are in the Same Machine

If Scheduler runs on the same host as Virtual DataPort, follow the instructions on the page Kerberos Configuration (Scheduler Administration Guide), and use the same keytab file you are going to use for Virtual DataPort.

We recommend using the same keytab file and the same Service Principal Name (SPN) as for Virtual DataPort. That way, you do not have to do anything extra and Scheduler will be easier to manage.

Scheduler and Virtual DataPort Are in Different Machines

Follow these steps if:

  • Scheduler runs on a different machine than Virtual DataPort.

  • Or if you want Scheduler to use a different service principal name (SPN) than Virtual DataPort.

In this scenario, you will have to perform the same post-installation tasks you did to enable Kerberos on Virtual DataPort:

  1. In Active Directory, create a user of type “User”.

  2. Declare a Service Principal Name (SPN) and associate it with this new user.

  3. Generate a keytab file for this SPN.

  4. Copy the keytab file to the host where the Scheduler runs.
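
The four steps above, sketched as a PowerShell session on a domain-joined administration workstation. This is an added example, not taken from the Denodo guides: the account name, realm, host name, paths, login and the HTTP service class are hypothetical placeholders, so substitute the values used in your Virtual DataPort Kerberos setup.

```powershell
# Added example. All names are hypothetical placeholders, not values from the guide.
Import-Module ActiveDirectory

$Account   = 'svc-scheduler'              # hypothetical AD account
$Realm     = 'EXAMPLE.COM'                # hypothetical realm (AD domain, upper case)
$SchedHost = 'scheduler01.example.com'    # hypothetical FQDN of the Scheduler host
$Spn       = "HTTP/$SchedHost"            # assumed service class; match your Virtual DataPort SPN
$Keytab    = Join-Path $env:TEMP 'scheduler.keytab'
$RemoteDir = '/path/to/scheduler/keytab/dir'   # placeholder; not a Denodo path

# Step 1: create an ordinary user account that will own the SPN.
$Password = Read-Host -AsSecureString -Prompt "Initial password for $Account"
New-ADUser -Name $Account -SamAccountName $Account `
    -AccountPassword $Password -Enabled $true `
    -KerberosEncryptionType AES256

# Step 2: declare the SPN on that account. -S refuses to add a duplicate SPN.
setspn -S $Spn $Account
setspn -L $Account        # list the SPNs now registered on the account

# Step 3: generate the keytab. "/pass *" prompts for the password; by default
# ktpass also sets the account password to the value entered.
ktpass /princ "$Spn@$Realm" /mapuser "$Account@$Realm" `
    /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /pass * /out $Keytab

# Step 4: copy the keytab to the Scheduler host, then delete the local copy.
# The keytab holds the account's long-term key, so treat it like a password.
scp $Keytab "admin@${SchedHost}:$RemoteDir/"   # 'admin' is a hypothetical login
Remove-Item $Keytab
```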

After performing these steps, configure the Scheduler to use Kerberos authentication. The section Kerberos Configuration of the Scheduler Guide explains how to do this.

Important

To configure the Scheduler server and the Scheduler administration tool with different user accounts, you will have to perform these actions for each one.