Copying the keytab file to
Spotfire Server
is the fifth step in configuring
Spotfire Server
for the Kerberos authentication method.
Procedure
-
Copy the
spotfire.keytab file to the directory
<installation dir>\tomcat\spotfire-config
(Windows) or
<installation dir>/tomcat/spotfire-config
(Linux) in
Spotfire Server.
Note: Because this file contains
sensitive information, it must be handled with care. The file must not under
any circumstances be readable by unauthorized users.
To list the contents of the keytab file, use the
klist command-line tool. It lists the principal
name, crypto algorithm, and security credentials. The tool is included in the
bundled Java Development Kit and is only available when installed on Windows:
> <installation dir>\tomcat\spotfire-bin\klist.bat -k -t -e -K <keytab file>
To test the keytab file, use the
kinit command-line tool which is also included in
the bundled Java Development Kit on Windows platforms:
> <installation dir>\tomcat\spotfire-bin\kinit.bat -k -t <keytab file> HTTP/<fully qualified hostname>[:<port>]@<realm>
If the keytab file is correctly set up, a ticket cache file
is created in the logged-in user's home directory. It can typically be found in
the path
C:\Users\<user>\krb5cc_<user>.
-
As soon as you have verified that the ticket cache was created,
you must delete the ticket cache file to prevent future problems.