Enabling Kerberos on Informatica Nodes
After you enable Kerberos in the domain, you must copy the Kerberos configuration file to each node in the domain. You must also configure web browsers to access the Informatica web applications.
Copy the keytab files to the following directory on each node:
<Informatica installation directory>\isp\config\keys
The keytab files you copy depends on whether you enable Kerberos authentication at the node level or at the process level.
Keytab Files at Node Level
Copy each keytab file generated at the node level to the corresponding node.
The following table shows the node to which to copy each keytab file:
Keytab File | Location on Node |
|---|
<node name>.keytab | Copy each file to the corresponding node. |
webapp_http.keytab | Copy each file to the corresponding gateway node. |
ldapuser.keytab | Copy the file to each gateway node. |
Keytab Files at Process Level
Copy each keytab file generated at the process level to the corresponding node.
The following table shows the node to which to copy each keytab file:
Keytab File | Location on Node |
|---|
<node name>.keytab | Copy each file to the corresponding node. |
webapp_http.keytab | Copy each file to the corresponding gateway node. |
_AdminConsole.keytab | Copy each file to the corresponding gateway node. |
<application service name>.keytab | Copy each file to the corresponding node on which the Informatica application service runs. |
ldapuser.keytab | Copy the file to each gateway node. |
Configure web browsers to access Informatica web applications.
In Microsoft Internet Explorer and Google Chrome, add the URL of the Informatica web applications, such as the Analyst tool, to the list of trusted sites.
If you are using Chrome version 41 or later, you must also set the AuthServerWhitelist and AuthNegotiateDelegateWhitelist policies.
Copy the Keytab Files to the Informatica Nodes
After you create the keytab files, copy each keytab file to the corresponding node.
Copy the keytab files to the following directory on each node:
<Informatica installation directory>\isp\config\keys
The keytab files you copy depends on whether you enable Kerberos authentication at the node level or at the process level.
Keytab Files at Node Level
Copy each keytab file generated at the node level to the corresponding node.
The following table shows the node to which to copy each keytab file:
Keytab File | Location on Node |
|---|
<node name>.keytab | Copy each file to the corresponding node. |
webapp_http.keytab | Copy each file to the corresponding node. |
ldapuser.keytab | Copy the file to each gateway node. |
Keytab Files at Process Level
Copy each keytab file generated at the process level to the corresponding node.
The following table shows the node to which to copy each keytab file:
Keytab File | Location on Node |
|---|
<node name>.keytab | Copy each file to the corresponding node. |
webapp_http.keytab | Copy each file to the corresponding node. |
_AdminConsole.keytab | Copy each file to the corresponding node. |
<application service name>.keytab | Copy each file to the corresponding node on which the Informatica application service runs. |
ldapuser.keytab | Copy the file to each node. |
Enable Kerberos Authentication for Informatica Clients
Copy the Kerberos configuration file to each computer that hosts an Informatica client, and then set an environment variable to point to the configuration file. You must also enable client browsers to access the Informatica web applications.
After you configure the Informatica domain to run with Kerberos authentication, perform the following tasks on the Informatica client tools:
- Copy the Kerberos configuration file to each Informatica client host.
Copy the krb5.conf file to each computer that hosts a Informatica client such as the PowerCenter Client or Informatica Developer (the Developer tool). Copy the file to the following directory on each host:
<Informatica installation directory>\clients\shared\security
- Set the KRB5_CONFIG environment variable on each Informatica client host.
Set the KRB5_CONFIG environment variable to the path and file name of the Kerberos configuration file on each computer that hosts Informatica clients such as the PowerCenter Client and the Developer tool.
- Configure web browsers to access Informatica web applications.
In Microsoft Internet Explorer and Google Chrome, add the URL of the Informatica web applications, such as the Analyst tool, to the list of trusted sites.
If you are using Chrome version 41 or later, you must also set the AuthServerWhitelist and AuthNegotiateDelegateWhitelist policies.