config-kerberos-auth

config-kerberos-auth 
[-c value | --configuration=value] 
[-b value | --bootstrap-config=value] 
[-S value | --server=value] 
[-p value | --service-principal-name=value] 
[-k value | --keytab-file=value]
[-r value | --krb5-conf-file=value]
[-d <true|false> | --enable-debug=<true|false>] 
[-w value | --worker-delegation-policy=value]

Overview

Use this command to configure the authentication service used with Kerberos authentication method.

Options


Option	Optional or Required	Default Value	Description
`-c value --configuration=value`	Optional	configuration.xml	The path to the server configuration file.
`-b value --bootstrap-config=value`	Optional	none	The path to the bootstrap configuration file. See Bootstrap.xml file for more information about this file.
`-S value --server=value`	Optional	none	The name of the cluster server to which the specified configuration parameters should be applied. If no name is specified, the parameters apply to all servers in the cluster.
`-p value --path=value`	Required	none	The Kerberos service principal name (SPN) used by the server.
`-k value --keytab-file=value`	Optional	${catalina.base}/spotfire-config/spotfire.keytab	The path to the Kerberos file containing the keytab entry for the specified SPN. If the specified path contains any Java system properties (for example, as in the default value for this argument), they are automatically expanded.
`-r value --krb5-conf-file=value`	Optional	${catalina.base}/spotfire-config/krb5.conf	The path to the Kerberos file containing the Kerberos configuration (krb5.conf). If the specified path contains any Java system properties (e.g. as in the default value for this argument), they will automatically be expanded.
`-d <true\|false> --enable-debug=<true\|false>`	Optional	false	Specifies whether extra debug logging should be enabled for the Kerberos authentication service.
`-w value --worker-delegation-policy=value`	Optional	none	Configures how delegation of Kerberos credentials should be handled when connecting to a service on a node. When a user's credentials are delegated to a service, the service can in turn use these credentials to connect to data sources, assuming the identity of the user. Connections made without delegation can be configured to use impersonation. There are three options: REQUIRE - Do not connect to a service unless delegation succeeds. TRY - Try delegation; if that fails, log in with impersonation. NEVER - Do not attempt to delegate; always log in with impersonation. Note: By default, Spotfire Server uses the REQUIRE option.