Security
This section describes changes to security in version 9.6.1.
Encryption Key Directory
Effective in version 9.6.1, the directory where the domain encryption key is stored has changed. The new encryption key directory is <INFA_HOME>/isp/config/keys.
Previously, the encryption key directory was <INFA_HOME>/isp/config/secret.
Service Principal Requirements for Kerberos Authentication
Effective in 9.6.1, when you configure the domain to use Kerberos authentication, you can specify whether nodes and services can share service principal names (SPN) and keytab files.
You can select one of the following service principal levels:
- Node Level
- If the domain is used for testing or development and does not require a high level of security, you can set the service principal at the node level. You can use one SPN and keytab file for the node and all the service processes on the node. When you create additional services on a node, you do not need to create additional keytab files.
- Process Level
- If the domain is used for production and requires a high level of security, you can set the service principal at the process level. Create a unique SPN and keytab file for each node and each process on the node. The number of SPNs and keytab files required for each node depends on the number of service processes that run on the node.
Previously, the Informatica domain required a unique SPN and keytab file for each node and each process on the node.