Step 3. Set Up the Kerberos Configuration File

1. Back up the krb5.conf file before you make any changes.
2. Edit the krb5.conf file.
3. In the libdefaults section, set or add the properties required by Informatica.
The following table lists the values to which you must set properties In the libdefaults section:

Parameter	Value
default_realm	Name of the service realm for the Informatica domain.
forwardable	Allows a service to delegate client user credentials to another service. Set this parameter to True. The Informatica domain requires application services to authenticate the client user credentials with other services.
default_tkt_enctypes	Encryption type for the session key in the ticket-granting ticket (TGT). Set this parameter to rc4-hmac. Informatica supports only the rc4-hmac encryption type.
udp_preference_limit	Determines the protocol that Kerberos uses when it sends a message to the KDC. Set udp_preference_limit = 1 to always use TCP. The Informatica domain supports only the TCP protocol. If the udp_preference_limit is set to any other value, the Informatica domain can shut down unexpectedly.

4. In the realms section, include the port number in the address of the KDC separated by a colon.
For example, if the KDC address is kerberos.example.com and the port number is 88, set the kdc parameter to the following:
kdc = kerberos.example.com:88

5. Save the krb5.conf file.
6. Copy the configuration file to the Informatica directory.
You must copy the krb5.conf to the following directory: <INFA_HOME>/services/shared/security
If the domain has multiple nodes, copy the krb5.conf to the same directory on all the nodes in the domain.