Setting up Kerberos authentication in a clustered TIBCO Spotfire Server environment with no Load Balancer

Setting up Kerberos authentication in a clustered TIBCO Spotfire Server environment with no Load Balancer

book

Article ID: KB0076574

calendar_today

Updated On:

Products Versions
Spotfire Server 7.5 and higher

Description

While setting up kerberos authentication in a clustered TIBCO Spotfire Server (TSS) environment with no load balancer (meaning users will access the specific TSS URLs instead of a single load balancer URL), the points mentioned in the resolution section must be followed. While all other steps here remain the same as in case of Kerberos set up in a clustered environment with a load balancer, the creation of the keytab file differs. The details are provided in the resolution section.

Issue/Introduction

This article provides guidance on setting up Kerberos authentication in a clustered TIBCO Spotfire Server environment with no load balancer.

Resolution

While setting up Kerberos authentication on TIBCO Spotfire Servers in a clustered environment without a load balancer, the following points must be considered:
  1. Two Service Principal Names must be created for each TSS.
  2. One keytab file must be created. This must use the name of the service account running the TSS as the principal name. Below is example syntax of the "ktpass" command in this case:
ktpass /princ <Spotfire service account name>@REALM  /ptype krb5_nt_principal /crypto <rc4-hmac or AES-256-sha1 or AES-128-sha1> /kvno 0 /out spotfire.keytab /pass <service account password>
       3. This keytab file must be copied to each TIBCO Spotfire Server.

The steps and commands here would be the same as in case of setting up Kerberos on a single TIBCO Spotfire Server, the only thing that vary are the points mentioned above.
 

Additional Information

Doc: Kerberos authentication for clustered servers with load balancer Doc: Setting up Kerberos authentication on Spotfire Server
Powered by Wolken Software