To create a keytab file
1. Create a Windows user account for the Windchill RV&S server to run under.
2. Set up the Windchill RV&S server to run under that account.
3. Associate the Windows user account with a service principal name (SPN), and create the keytab file containing the secret key. This requires running the ktpass command.
ktpass -princ "WindchillRV&SServer/<computerName><@YOURDOMAIN.COM>" -mapuser <WindchillRV&SISUser> -pass <password> -out <WindchillRV&S.keytab>
where:
WindchillRV&SServer is the label for your server
computerName is the name of the computer where the Windchill RV&S server is running
@YOURDOMAIN.COM is your domain name (you must use uppercase for the domain name)
WindchillRV&SISUser is your Windows user account
password is your Windows user account password
WindchillRV&S.keytab is the name of the keytab file (do not specify the path for the keytab file)
For example:
ktpass -princ "WindchillRV&SServer/mainServer@ABC.COM" -mapuser jbrown -pass secret -out abc.keytab
Note: The command is located in the Windows Support Tools package available on the Windows installation media.
4. Copy the keytab file to the installdir/data directory, where installdir is the path to the directory where you installed the Windchill RV&S server.
5. Specify the SPN (WindchillRV&SServer/computerName) in the following property:
mks.security.KerberosSSO.SPN
For example, based on the sample ktpass command in step 3, you would specify:
mks.security.KerberosSSO.SPN=WindchillRV&SServer/mainServer
6. Specify the keytab file in the following property:
mks.security.KeytabFile
For example, based on the sample ktpass command in step 3, you would specify:
mks.security.KeytabFile=abc.keytab
7. Specify the name of the user the Windchill RV&S server is running as in the following property:
mks.security.ClientServiceName
For example, based on the sample ktpass command in step 3, you would specify:
mks.security.ClientServiceName=jbrown
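
To confirm that the keytab from step 3 really carries the SPN configured in step 5 and an uppercase realm, the following added example (not part of the product or its documentation) parses a keytab and reports mismatches. It assumes the file uses the MIT keytab layout, version 0x0502; the function names are hypothetical, and build_sample_keytab only constructs test input with a dummy all-zero key.

```python
import struct

def _counted(data, p):  # 16-bit length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return [(principal, realm, kvno, enctype)] for each entry in the keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        p, end = pos, pos + size
        (ncomp,) = struct.unpack_from(">H", data, p)
        realm, p = _counted(data, p + 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _counted(data, p)
            comps.append(comp.decode())
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", data, p)
        _key, p = _counted(data, p + 11)   # key bytes are read but never returned
        if end - p >= 4:                   # optional 32-bit kvno overrides the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append(("/".join(comps), realm.decode(), kvno, enctype))
        pos = end
    return entries

def check_spn(keytab_bytes, spn):
    """Compare keytab entries with the mks.security.KerberosSSO.SPN value."""
    entries = parse_keytab(keytab_bytes)
    problems = [f"realm {r!r} of {n} is not uppercase"
                for n, r, _k, _e in entries if r != r.upper()]
    if all(n != spn for n, _r, _k, _e in entries):
        problems.append(f"no keytab entry for SPN {spn!r}")
    return problems

def build_sample_keytab(realm, components, kvno=3, enctype=18):
    """Constructed test input: one entry with a dummy all-zero 32-byte key."""
    counted = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(components)) + counted(realm.encode())
    body += b"".join(counted(c.encode()) for c in components)
    body += struct.pack(">IIBH", 1, 0, kvno, enctype) + counted(bytes(32))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

For a real check, pass the bytes of the keytab in installdir/data and the value of mks.security.KerberosSSO.SPN to check_spn; an empty list means the two agree.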