Configuring krb5.conf when setting up Kerberos authentication across multiple domains
Article ID: KB0082723
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | Any |
Description
Description:
krb5.conf file contains Kerberos configuration information which includes KDC & admin servers for one or more Kerberos realms, default values for the current realm and mappings of hostnames onto Kerberos realms. If customers have multiple domains that users are part of, then the krb5.conf file should be updated accordingly. Information with various domains/domain realms for authentication to work will be part of this file.
Here is a quick overview about the information contained within the krb5.conf file.
libdefaults - Settings used by the Kerberos library
realms - Realm-specific contact information and settings
domain_realm - Maps server hostnames to Kerberos realms
capaths - Authentication paths for non-hierarchical cross-realm (E.g., domains across multiple Windows forests)
appdefaults - default settings used by some Kerberos applications
plugins - Controls plugin module registration
Within the Spotfire Server installation the krb5.conf file is located at <Spotfire Server install directory>\tibco\tss\<version>\jdk\jre\lib\security.
Resolution
Refer to the attached template that can be used in case of configuring krb5.conf to support users from multiple domains
Issue/Introduction
Configuring krb5.conf when setting up Kerberos authentication across multiple domains
Additional Information
-
Feedback
Yes
No
Powered by
