Does Kerberos pass-through authentication require a Kerberos ticket with the "forwardable" flag set?
Article ID: KB0076958
Updated On:
| Products | Versions |
|---|---|
| TIBCO Data Virtualization | All supported versions |
Description
Does the pass-through authentication feature (token pass-through - an SSO connection via studio, used to authenticate using pass-through authentication to a data source via Kerberos) dependent on the Kerberos ticket having the "forwardable" flag set?
Resolution
Yes, the token should be set to forwardable.
Note : For pass-through, TDV only supports jgss pass-through and the server should use jgss.
Prerequisites:
#1) Set the forwardable flag to true in krb5.ini file and
#2) Login to TDV Studio using SSO
Note : For pass-through, TDV only supports jgss pass-through and the server should use jgss.
[libdefaults]
default_realm = TEST.DOMAIN.NET
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
udp_preference_limit = 1
noaddresses = true
[realms]
TEST.DOMAIN.NET = {
kdc = xxxxx.test.domain.net
kdc = yyyyy.test.domain.net
kdc = 172.22.176.26
}
Issue/Introduction
Does Kerberos pass-through authentication require a Kerberos ticket with the "forwardable" flag set?
Was this article helpful?
Yes
No
Powered by
