To create a keytab file
1. Create a Windows user account for the Integrity Lifecycle Manager server to run under.
2. Set up the Integrity Lifecycle Manager server to run under that account.
3. Associate the Windows user account with a service principal name (SPN), and create the keytab file containing the secret key. This requires running the ktpass command.
ktpass -princ integrityServer/<computerName><@YOURDOMAIN.COM> -mapuser <integrityISUser> -pass <password> -out <integrity.keytab>
where:
◦ integrityServer is the label for your server
◦ computerName is the name of the computer where the Integrity Lifecycle Manager server is running
◦ @YOURDOMAIN.COM is your domain name (you must use uppercase for the domain name)
◦ integrityISUser is your Windows user account
◦ password is your Windows user account password
◦ integrity.keytab is the name of the keytab file (do not specify the path for the keytab file)
For example:
ktpass -princ integrityServer/mainServer@ABC.COM -mapuser jbrown -pass secret -out abc.keytab
The ktpass command is located in the Windows Support Tools package available on the Windows installation media.
4. Copy the keytab file to the installdir/data directory, where installdir is the path to the directory where you installed the Integrity Lifecycle Manager server.
5. Specify the SPN (integrityServer/computerName) in the following property:
mks.security.KerberosSSO.SPN
For example, based on the sample ktpass command in step 3, you would specify:
mks.security.KerberosSSO.SPN=integrityServer/mainServer
6. Specify the keytab file in the following property:
mks.security.KeytabFile
For example, based on the sample ktpass command in step 3, you would specify:
mks.security.KeytabFile=abc.keytab
7. Specify the name of the user the Integrity Lifecycle Manager server is running as in the following property:
mks.security.ClientServiceName
For example, based on the sample ktpass command in step 3, you would specify:
mks.security.ClientServiceName=jbrown
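The following check is an added example, not part of the product documentation: it verifies that the ktpass command from step 3 and the three properties from steps 5 to 7 agree with each other. The function names and passing the properties as plain text are assumptions, and the sample inputs are constructed from the sample values used above.

```python
import shlex

# Constructed sample input, based on the sample values used in the steps above.
SAMPLE_CMD = ("ktpass -princ integrityServer/mainServer@ABC.COM "
              "-mapuser jbrown -pass secret -out abc.keytab")
SAMPLE_PROPS = """\
mks.security.KerberosSSO.SPN=integrityServer/mainServer
mks.security.KeytabFile=abc.keytab
mks.security.ClientServiceName=jbrown
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_kerberos_setup(ktpass_cmd, props_text):
    """Return a list of inconsistencies between step 3 and steps 5 to 7."""
    problems = []
    # posix=False keeps Windows backslashes intact.
    tokens = shlex.split(ktpass_cmd, posix=False)
    # Formatted documents often turn "-" into an en or em dash when pasted.
    if any(t[0] in "\u2013\u2014" for t in tokens):
        problems.append("an option starts with a typographic dash, not '-'")
    opts = {tokens[i].lstrip("-").lower(): tokens[i + 1]
            for i in range(1, len(tokens) - 1) if tokens[i].startswith("-")}
    spn, _, realm = opts.get("princ", "").partition("@")
    if not realm or realm != realm.upper():
        problems.append("the domain in -princ must be present and uppercase")
    keytab = opts.get("out", "")
    if "\\" in keytab or "/" in keytab:
        problems.append("-out must be a file name without a path")
    expected = {
        "mks.security.KerberosSSO.SPN": spn,            # step 5
        "mks.security.KeytabFile": keytab,              # step 6
        "mks.security.ClientServiceName": opts.get("mapuser", ""),  # step 7
    }
    props = parse_properties(props_text)
    for key, want in expected.items():
        if props.get(key) != want:
            problems.append(f"{key} is {props.get(key)!r}, expected {want!r}")
    return problems

if __name__ == "__main__":
    print(check_kerberos_setup(SAMPLE_CMD, SAMPLE_PROPS) or "consistent")
```

An empty list means the command and the properties are consistent; the check never stores or prints the value given to -pass.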