SwitchToKerberosMode

Configure the Informatica domain to use Kerberos authentication.
The SwitchToKerberosMode command uses the following syntax:
SwitchToKerberosMode
    <-administratorName|-ad> administrator_name
    <-ServiceRealmName|-srn> realm_name_of_node_spn
    <-UserRealmName|-urn> realm_name_of_user_spn
    [<-SPNShareLevel|-spnSL> SPNShareLevel PROCESS|NODE]
The following table describes infasetup SwitchToKerberosMode options and arguments:
Option: -administratorName, -ad
Argument: administrator_name
Description: Required. User name for the domain administrator account that is created when you configure Kerberos authentication. Specify the name of an account that exists in Active Directory.
After you configure Kerberos authentication, this user is included in the _infaInternalNamespace security domain that the command creates.
If the domain uses a single Kerberos realm to authenticate users, specify the samAccount name.
If the domain uses Kerberos cross realm authentication, specify the fully qualified user principal name, including the realm name. For example:
    sysadmin@COMPANY.COM

Option: -ServiceRealmName, -srn
Argument: realm_name_of_node_spn
Description: Required. Name of the Kerberos realm that the domain uses to authenticate users. The realm name must be in uppercase and is case-sensitive.
To configure Kerberos cross realm authentication, specify the name of each Kerberos realm that the domain uses to authenticate users, separated by a comma. For example:
    COMPANY.COM,EAST.COMPANY.COM,WEST.COMPANY.COM
Use an asterisk as a wildcard character before a realm name to include all realms that include the name. For example, specify the following value to include all realms that include the EAST.COMPANY.COM name:
    *EAST.COMPANY.COM

Option: -UserRealmName, -urn
Argument: realm_name_of_user_spn
Description: Required. Name of the Kerberos realm that the domain uses to authenticate users. The realm name must be in uppercase and is case-sensitive.
To configure Kerberos cross realm authentication, specify the name of each Kerberos realm that the domain uses to authenticate users, separated by a comma. For example:
    COMPANY.COM,EAST.COMPANY.COM,WEST.COMPANY.COM
Use an asterisk as a wildcard character before a realm name to include all realms that include the name. For example, specify the following value to include all realms that include the EAST.COMPANY.COM name:
    *EAST.COMPANY.COM

Option: -SPNShareLevel, -spnSL
Argument: SPNShareLevel PROCESS|NODE
Description: Optional. Indicates the service principal level for the domain. Set the property to one of the following levels:
  • Process. The domain requires a unique service principal name (SPN) and keytab file for each node and each service on a node. The number of SPNs and keytab files required for each node depends on the number of service processes that run on the node. Recommended for production domains.
  • Node. The domain uses one SPN and keytab file for the node and all services that run on the node. It also requires a separate SPN and keytab file for all HTTP processes on the node. Recommended for test and development domains.
Default is process.
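
A pre-flight check for the arguments described above, added here as an example and not part of the Informatica documentation. The function names and sample values are constructed; treating a wildcard entry as cross realm, checking -ad against the user realm list, accepting only the uppercase PROCESS and NODE spellings, and the infasetup.sh script name in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example: validate SwitchToKerberosMode arguments before running it.
# Function names are hypothetical; they are not infasetup features.

# One realm: uppercase letters, digits, dots, hyphens, optional leading *.
REALM_RE='[*]?[A-Z0-9]([A-Z0-9.-]*[A-Z0-9])?'

# Succeeds if $1 is one realm or a comma-separated list of realms.
valid_realm_list() {
  LIST=$1 LC_ALL=C awk -v re="^$REALM_RE(,$REALM_RE)*\$" \
    'BEGIN { exit !(ENVIRON["LIST"] ~ re) }'
}

# $1 = administrator name, $2 = user realm list.
# Cross realm (several realms or a wildcard, an assumption): user@REALM.
# Single realm: samAccount name, so no @REALM suffix.
valid_admin_name() {
  case $2 in
    *,*|*'*'*)
      NAME=$1 LC_ALL=C awk 'BEGIN {
        exit !(ENVIRON["NAME"] ~ /^[^@ \t\n]+@[A-Z0-9]([A-Z0-9.-]*[A-Z0-9])?$/) }' ;;
    *)
      case $1 in ''|*@*|*' '*) return 1 ;; esac ;;
  esac
}

# $1 = -ad, $2 = -srn, $3 = -urn, $4 = -spnSL (optional, default PROCESS).
check_switch_args() {
  valid_realm_list "$2" || { echo "invalid -srn: $2" >&2; return 1; }
  valid_realm_list "$3" || { echo "invalid -urn: $3" >&2; return 1; }
  valid_admin_name "$1" "$3" || { echo "invalid -ad for these realms: $1" >&2; return 1; }
  case ${4:-PROCESS} in
    PROCESS|NODE) ;;
    *) echo "invalid -spnSL: $4" >&2; return 1 ;;
  esac
  # A wildcard entry includes every realm that includes the name: flag it.
  case $2$3 in
    *'*'*) echo "review: wildcard realm entry widens the accepted realms" >&2 ;;
  esac
  return 0
}

# Usage (script name assumed):
#   check_switch_args "$ad" "$srn" "$urn" PROCESS &&
#     infasetup.sh SwitchToKerberosMode -ad "$ad" -srn "$srn" -urn "$urn" -spnSL PROCESS
```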