This method of creating a keytab file on Linux uses the
ktutil command.
Before you begin
- Kerberos is installed on the Linux host where
Spotfire Server is installed.
- The tools
ktutil,
klist, and
kinit are available on the Linux host.
Procedure
-
Start the ktutil tool by invoking it from the command line without any arguments. Execute the commands below, replacing <database account name> with the user login name of the
Spotfire database account, written in lowercase letters:
> ktutil
ktutil: add_entry -password -p <database account name> -k 0 -e aes128-sha1
Password for <database account name>:
ktutil: write_kt spotfire-database.keytab
ktutil: quit
Note: All values are case sensitive.
Note: It is not critical to use the name "spotfire‐database.keytab" for the keytab file, but the following instructions assume that this name is used.
The tool prompts you for the password of the service account.
-
Enter the password that you used when creating the
Spotfire database account.
-
Verify the created keytab by running the
klist
and
kinit
utilities:
> klist -k spotfire-database.keytab
> kinit -k -t spotfire-database.keytab <database account name>@<realm>
Note: If you change the password of the Kerberos service account, you must re-create the keytab file.
Creating and verifying a keytab file for the "serverdb_user"
Spotfire database account in the research.example.com domain:
> ktutil
ktutil: add_entry -password -p serverdb_user -k 0 -e aes128-sha1
Password for serverdb_user:
ktutil: write_kt spotfire-database.keytab
ktutil: quit
> klist -k spotfire-database.keytab
> kinit -k -t spotfire-database.keytab serverdb_user@RESEARCH.EXAMPLE.COM
-
Copy the
spotfire-database.keytab file to the following
Spotfire Server directory:
<installation dir>/tomcat/spotfire-config.
Note: Because this file contains sensitive information, it must be handled with care. The file must not under any circumstances be readable by unauthorized users.
Note: If you change the password of the Kerberos service account, you must re-create the keytab file.