Running Commands on UNIX with Kerberos Authentication
If the Informatica domain uses Kerberos authentication, set the Kerberos configuration environment variable before you run the command line programs. If you run the command line programs with single sign-on, you must generate a credential cache file and specify the path and file name in an environment variable.
You must set the environment variables before you run the infacmd, pmrep, mmcmd, mmRepoCmd, and pmcmd commands on UNIX.
Running Commands on UNIX with Single Sign-On
If you run the command line programs with single sign-on, you must generate a credentials cache file to authenticate the user account running the commands on the Kerberos network. Use the kinit utility to generate the credentials cache file.
If you have a credentials cache file, you can run the commands without the user name and password options.
To run commands on UNIX with single sign-on, perform the following tasks:
1. Set the Kerberos environment variables.
2. Download the kinit utility and generate a credentials cache file.
Setting the Kerberos Environment Variables
On the machine that hosts the command line programs, specify the location of the credential cache and configuration file in the Kerberos environment variables.
Set the following environment variables:
- KRB5CCNAME
- Stores the default path and filename for the Kerberos credentials cache. When you run the kinit utility to generate the user credential cache, kinit stores the credential cache in the default file that you set in the KRB5CCNAME environment variable.
- KRB5_CONFIG
- Stores the path and file name of the Kerberos configuration file. The name of the Kerberos configuration file is krb5.conf. For information about the contents of the krb5.conf file, see the Informatica Security Guide.
Generating the Credentials Cache File
Use the Kerberos kinit utility to generate the credentials cache file for the user account that runs the command line programs. The utility is available with the MIT Kerberos V5 download package.
To generate the credentials cache file, perform the following tasks:
1. Download and install MIT Kerberos V5.
2. Run the kinit utility and specify the user principal name.
When you create the user credentials cache, you must use the forwardable (-f) or proxiable (-p) option. On Solaris 10, use the proxiable option. On other UNIX platforms, use the forwardable option. You can use the following command syntax:
- Solaris 10
- kinit -p <principal name>
- Other UNIX platforms
- kinit -f <principal name>
The format for the principal name is <username>@<realmname.com>. Enter the realm name in uppercase letters.
Note: If you set the KRB5CCNAME environment variable before you run the kinit utility, kinit stores the credentials cache in the location specified in the environment variable.
3. Enter the password for the user account.
Running Commands on UNIX Without Single Sign-On
To run commands on UNIX without single sign-on, set the KRB5_CONFIG environment variable to the path and file name of the Kerberos configuration file. Include the user name and password when you run the command or set the user name and password in environment variables.
The commands determine the user credentials based on how you specify the user name and password. The commands check the credentials in the following order:
- 1. Command options. If you include the user name option (-un) and the password option (-pd) in the command, the command uses the user name and password specified for the options.
- 2. Environment variables. If you do not include the user name and password options in the command, the command uses the user name and password specified in the environment variables INFA_DEFAULT_DOMAIN_USER and INFA_DEFAULT_DOMAIN_PASSWORD.
Note: If you do not set the credentials in the command options or environment variables, the command checks for a credential cache file. If a credential cache is available, the command runs with single sign-on.