Creating a Kerberos service account

Creating a Kerberos service account is the first step in configuring Spotfire Server for the Kerberos authentication method.

Before you begin

Windows Domain Controllers running Windows Server 2008 or later.
A computer with the Microsoft Active Directory Users and Computers MMC snap-in.
A computer with the Microsoft Support Tools installed.
A domain administrator account or a user account which is a member of the built-in Account Operators domain group, or any account with equivalent permissions.
Windows Domain accounts for all Spotfire users.
A fully-working user directory, with either of the following options:
- LDAP (recommended)
- Spotfire database, provided that the built-in post-authentication filter is auto‐creating new users.

Log in to the computer as a domain administrator or a user who is a member of the built-in Account Operators domain group.
Open the Active Directory Users and Computers MMC snap-in.
Create an ordinary user account with the following properties:
- Use the same identifier in the Full name and User logon name (pre‐Windows 2000) fields.
  Note: Use only lowercase characters and make sure that there are no spaces in these fields.
- Select the Password never expires check box.
- Clear the User must change password at next logon check box.
- If you want to use the crypto algorithm aes128-sha1 or aes256-sha1 the account option This account supports Kerberos AES 128 bit encryption or This account supports Kerberos AES 256 bit encryption must also be selected.