Copying the keytab file to
Spotfire Server is the fifth step in configuring
Spotfire Server for the Kerberos authentication method.
Procedure
-
Copy the
spotfire.keytab file to the directory
<installation dir>\tomcat\spotfire-config (Windows) or
<installation dir>/tomcat/spotfire-config (Linux) in
Spotfire Server.
Note: Because this file contains sensitive information, it must be handled with care. The file must not under any circumstances be readable by unauthorized users.
To list the contents of the keytab file, use the
klist command-line tool. It lists the principal name, crypto algorithm, and security credentials. The tool is included in the bundled JDK and is only available when installed on Windows:
> <installation dir>\tomcat\spotfire-bin\klist.bat -k -t -e -K <keytab file>
To test the keytab file, use the
kinit command-line tool which is also included in the bundled JDK on Windows platforms:
> <installation dir>\tomcat\spotfire-bin\kinit.bat -k -t <keytab file> HTTP/<fully qualified hostname>[:<port>]@<realm>
If the keytab file is correctly set up, a ticket cache file is created in the logged-in user's home directory. It can typically be found in the path
C:\Users\<user>\krb5cc_<user>.
-
As soon as you have verified that the ticket cache was created, you must delete the ticket cache file to prevent future problems.