Configuring Kerberos for Java

Configuring Kerberos for Java by editing the krb5.conf file is the fourth step in configuring Spotfire Server for the Kerberos authentication method.

Procedure

Open the following file in a text editor: <server installation dir>\tomcat\spotfire-config\krb5.conf.

Edit the following values to reflect your environment:

Note: The arguments are case sensitive.

For more information, see Krb5.conf file.

MYDOMAIN: The name of the Kerberos realm, usually the same as the name of the Windows Domain, written in uppercase characters.
mydomain: The name of the Windows Domain, written in lowercase characters.
mydc: The name of the domain controller, written in lowercase characters.

Example: Configuring Kerberos for Java in the "research.example.com" domain, with the two domain controllers "dc01.research.example.com" and "dc02.research.example.com":

[libdefaults]
    default_realm = RESEARCH.EXAMPLE.COM
    default_keytab_name = spotfire.keytab
    default_tkt_enctypes = aes128-cts
    default_tgs_enctypes = aes128-cts
    forwardable = true

[realms]
    RESEARCH.EXAMPLE.COM = {
        kdc = dc01.research.example.com
        kdc = dc02.research.example.com
        admin_server = dc01.research.example.com
        default_domain = research.example.com
    }

[domain_realm]
    .research.example.com = RESEARCH.EXAMPLE.COM
    research.example.com = RESEARCH.EXAMPLE.COM

[appdefaults]
    autologin = true
    forward = true
    forwardable = true
    encrypt = true

Optional: If you want to use the crypto algorithm aes256-sha1, perform the following tasks:
1. Add aes256-cts as the first option in default_tkt_enctypes and default_tgs_enctypes.