Creating a keytab file for the Kerberos service account (using the ktab command from the bundled JDK)
This method of creating a keytab file uses the ktab command that is included with the bundled JDK.
Procedure
- On the computer runningSpotfire Server, open a command line as an administrator and change the directory to <server installation dir>/tomcat/spotfire-bin.
-
Run the following command, replacing the
<database account name> with the user login name of the
Spotfire database account, written in lowercase letters:
> ktab -k spotfire-database.keytab -a <database account name>
Note: All values are case sensitive.Note: It is not critical to use the name "spotfire‐database.keytab" for the keytab file, but the following instructions assume that this name is used.The tool prompts you for the password of the service account. - Enter the password that you used when creating the Spotfire database account.
-
Verify the created keytab by running the
klist
andkinit
utilities:> klist -k spotfire-database.keytab > kinit -k -t spotfire-database.keytab <database account name>@<realm>
Note: If you change the password of the Kerberos service account, you must re-create the keytab file.Creating and verifying a keytab file for the "serverdb_user" Spotfire database account in the research.example.com domain:> ktab -k spotfire-database.keytab -a serverdb_user > klist -k spotfire-database.keytab > kinit -k -t spotfire-database.keytab serverdb_user@RESEARCH.EXAMPLE.COM
-
Copy the
spotfire-database.keytab file to the
Spotfire Server directory
<installation dir>\tomcat\spotfire-config (Windows) or
<installation dir>/tomcat/spotfire-config (Linux).
Note: Because this file contains sensitive information, it must be handled with care. The file must not under any circumstances be readable by unauthorized users.Note: If you change the password of the Kerberos service account, you must re-create the keytab file.
Parent topic: Keytab file for the Kerberos service account
Home
Installation and configuration
User authentication
Single sign-on authentication methods
Kerberos authentication
Using Kerberos to log in to the Spotfire database
Keytab file for the Kerberos service account
Creating a keytab file for the Kerberos service account (using the ktab command from the bundled JDK)