Configuring Kerberos for Java by editing the
krb5.conf file is the fourth step in configuring
Spotfire Server for the Kerberos authentication method.
Procedure
-
Open the following file in a text editor:
<server installation dir>\tomcat\spotfire-config\krb5.conf.
-
Edit the following values to reflect your environment:
Note: The arguments are case sensitive.
For more information, see
Krb5.conf file.
- MYDOMAIN: The name of the Kerberos realm, usually the same as the name of the Windows Domain, written in uppercase characters.
- mydomain: The name of the Windows Domain, written in lowercase characters.
- mydc: The name of the domain controller, written in lowercase characters.
Example: Configuring Kerberos for Java in the "research.example.com" domain, with the two domain controllers "dc01.research.example.com" and "dc02.research.example.com":
[libdefaults]
default_realm = RESEARCH.EXAMPLE.COM
default_keytab_name = spotfire.keytab
default_tkt_enctypes = aes128-cts
default_tgs_enctypes = aes128-cts
forwardable = true
[realms]
RESEARCH.EXAMPLE.COM = {
kdc = dc01.research.example.com
kdc = dc02.research.example.com
admin_server = dc01.research.example.com
default_domain = research.example.com
}
[domain_realm]
.research.example.com = RESEARCH.EXAMPLE.COM
research.example.com = RESEARCH.EXAMPLE.COM
[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true
- Optional:
If you want to use the crypto algorithm aes256-sha1, perform the following tasks:
-
Add
aes256-cts
as the first option in
default_tkt_enctypes
and
default_tgs_enctypes
.