Copying the Kerberos service account’s keytab file to Spotfire Server
Copying the keytab file to Spotfire Server is the fifth step in configuring Spotfire Server for the Kerberos authentication method.
Procedure
-
Copy the
spotfire.keytab file to the directory
<installation dir>\tomcat\spotfire-config (Windows) or
<installation dir>/tomcat/spotfire-config (Linux) in
Spotfire Server.
Note: Because this file contains sensitive information, it must be handled with care. The file must not under any circumstances be readable by unauthorized users.To list the contents of the keytab file, use the klist command-line tool. It lists the principal name, crypto algorithm, and security credentials. The tool is included in the bundled JDK and is only available when installed on Windows:
To test the keytab file, use the kinit command-line tool which is also included in the bundled JDK on Windows platforms:> <installation dir>\tomcat\spotfire-bin\klist.bat -k -t -e -K <keytab file>> <installation dir>\tomcat\spotfire-bin\kinit.bat -k -t <keytab file> HTTP/<fully qualified hostname>[:<port>]@<realm>If the keytab file is correctly set up, a ticket cache file is created in the logged-in user's home directory. It can typically be found in the path C:\Users\<user>\krb5cc_<user>. - As soon as you have verified that the ticket cache was created, you must delete the ticket cache file to prevent future problems.