Does Kerberos pass-through authentication require a Kerberos ticket with the "forwardable" flag set?

Article ID: KB0076958

Products: TIBCO Data Virtualization
Versions: All supported versions

Description

Does the pass-through authentication feature (token pass-through: an SSO connection via Studio, used to authenticate to a data source via Kerberos) depend on the Kerberos ticket having the "forwardable" flag set?

Issue/Introduction

Does Kerberos pass-through authentication require a Kerberos ticket with the "forwardable" flag set?

Resolution

Yes, the token should be set to forwardable.

Prerequisites:

#1) Set the forwardable flag to true in the krb5.ini file, and
#2) Log in to TDV Studio using SSO.


Note: For pass-through, TDV only supports JGSS pass-through, and the server should use JGSS.

Example krb5.ini:

[libdefaults]
default_realm = TEST.DOMAIN.NET
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
udp_preference_limit = 1
noaddresses = true

[realms]
TEST.DOMAIN.NET = {
    kdc = xxxxx.test.domain.net
    kdc = yyyyy.test.domain.net
    kdc = 172.22.176.26
}
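
A pre-flight check for prerequisite #1, added here as an example (it is not part of the original article or of TDV): it parses krb5.ini text and reports when forwardable is missing from [libdefaults], disabled, or placed only in another section. The function names, the sample inputs, and the set of values treated as "enabled" are assumptions made for this example.

```python
import re

# Assumption: only these spellings count as enabled (a conservative choice).
ENABLED = {"true", "yes"}

def parse_krb5(text):
    """Parse krb5.ini text into {section: {key: [values] or nested dict}}."""
    sections, stack = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                                # e.g. [libdefaults]
            stack = [sections.setdefault(header.group(1), {})]
        elif line == "}" and len(stack) > 1:      # end of a realm block
            stack.pop()
        elif "=" in line and stack:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":                      # start of a realm block
                stack.append(stack[-1].setdefault(key, {}))
            else:                                 # repeated keys keep every value
                stack[-1].setdefault(key, []).append(value)
    return sections

def _has_key(body, key):
    """True if key appears in a section body or any nested block inside it."""
    return key in body or any(isinstance(v, dict) and _has_key(v, key) for v in body.values())

def check_forwardable(text):
    """Return findings; an empty list means forwardable is enabled in [libdefaults]."""
    conf = parse_krb5(text)
    values = conf.get("libdefaults", {}).get("forwardable", [])
    findings = [f"forwardable = {v} in [libdefaults] is not enabled"
                for v in values if v.lower() not in ENABLED]
    if not values:
        elsewhere = [name for name, body in conf.items() if _has_key(body, "forwardable")]
        where = f"; found only under {elsewhere}" if elsewhere else ""
        findings.append("forwardable is not set in [libdefaults]" + where)
    return findings

# Constructed sample inputs (not real deployments).
GOOD = "[libdefaults]\ndefault_realm = TEST.DOMAIN.NET\nforwardable = true\n"
MISPLACED = ("[libdefaults]\ndefault_realm = TEST.DOMAIN.NET\n"
             "[realms]\nTEST.DOMAIN.NET = {\nkdc = kdc1.test.domain.net\nforwardable = true\n}\n")
DISABLED = "[libdefaults]\n; comment\nforwardable = false\n"

if __name__ == "__main__":
    for name, sample in [("GOOD", GOOD), ("MISPLACED", MISPLACED), ("DISABLED", DISABLED)]:
        print(name, check_forwardable(sample) or "OK")
```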