config-kerberos-auth
Configures the authentication service used with the Kerberos authentication method.
config-kerberos-auth
[-c value | --configuration=value]
[-b value | --bootstrap-config=value]
[-S value | --server=value]
[-p value | --service-principal-name=value]
[-k value | --keytab-file=value]
[-r value | --krb5-conf-file=value]
[-d <true|false> | --enable-debug=<true|false>]
[-w value | --worker-delegation-policy=value]
Overview
Use this command to configure the authentication service used with Kerberos authentication method.
Options
Option | Optional or Required | Default Value | Description |
---|---|---|---|
|
Optional | configuration.xml | The path to the server configuration file. |
|
Optional | none | The path to the bootstrap configuration file. See Bootstrap.xml file for more information about this file. |
|
Optional | none | The name of the cluster server to which the specified configuration parameters should be applied. If no name is specified, the parameters apply to all servers in the cluster. |
|
Required | none | The Kerberos service principal name (SPN) used by the server. |
|
Optional | ${catalina.base}/spotfire-config/spotfire.keytab | The path to the Kerberos file containing the keytab entry for the specified SPN. If the specified path contains any Java system properties (for example, as in the default value for this argument), they are automatically expanded. |
|
Optional | ${catalina.base}/spotfire-config/krb5.conf | The path to the Kerberos file containing the Kerberos configuration (krb5.conf). If the specified path contains any Java system properties (e.g. as in the default value for this argument), they will automatically be expanded. |
|
Optional | false | Specifies whether extra debug logging should be enabled for the Kerberos authentication service. |
|
Optional | none | Configures how delegation of Kerberos credentials should be handled when connecting to a service on a node. When a user's credentials are delegated to a service, the service can in turn use these credentials to connect to data sources, assuming the identity of the user. Connections made without delegation can be configured to use impersonation. There are three options:
Note: By default, Spotfire Server uses the REQUIRE option.
|
Parent topic: Command-line reference