Review the SPN and Keytab Format Text File
The Kerberos SPN Format Generator generates a text file named SPNKeytabFormat.txt that lists the format for the service principal and keytab file names required by the Informatica domain. The list includes the SPN and keytab file names based on the service principal level you select.
Review the text file and verify that there are no error messages.
The text file contains the following information:
- Entity Name
- Identifies the node or service associated with the process.
- SPN
- Format for the SPN in the Kerberos principal database. The SPN is case sensitive. Each type of SPN has a different format.
- An SPN can have one of the following formats:
Keytab type | SPN Format |
|---|
NODE_SPN | isp/<NodeName>/<DomainName>@<REALMNAME> |
NODE_AC_SPN | _AdminConsole/<NodeName>/<DomainName>@<REALMNAME> |
NODE_HTTP_SPN | HTTP/<NodeHostName>@<REALMNAME> Note: The Kerberos SPN Format Generator validates the node host name. If the node host name is not valid, the utility does not generate an SPN. Instead, it displays the following message: Unable to resolve host name. |
SERVICE_PROCESS_SPN | <ServiceName>/<NodeName>/<DomainName>@<REALMNAME> |
- Keytab File Name
- Format for the name of the keytab file to be created for the associated SPN in the Kerberos principal database. The keytab file name is case sensitive.
- The keytab file names use the following formats:
Keytab type | Keytab File Name |
|---|
NODE_SPN | <NodeName>.keytab |
NODE_AC_SPN | _AdminConsole.keytab |
NODE_HTTP_SPN | webapp_http.keytab |
SERVICE_PROCESS_SPN | <ServiceName>.keytab |
- Keytab Type
- Type of the keytab. The keytab type can be one of the following types:
- - NODE_SPN. Keytab file for a node process.
- - NODE_AC_SPN. Keytab file for the Informatica Administrator service process.
- - NODE_HTTP_SPN. Keytab file for HTTP processes in a node.
- - SERVICE_PROCESS_SPN. Keytab file for a service process.
Service Principals at Node Level
The following example shows the contents of the SPNKeytabFormat.txt file generated for service principals at the node level:
ENTITY_NAME SPN KEY_TAB_NAME KEY_TAB_TYPE
Node01 isp/Node01/InfaDomain@MY.SVCREALM.COM Node01.keytab NODE_SPN
Node01 HTTP/NodeHost01.enterprise.com@MY.SVCREALM.COM webapp_http.keytab NODE_HTTP_SPN
Node02 isp/Node02/InfaDomain@MY.SVCREALM.COM Node02.keytab NODE_SPN
Node02 HTTP/NodeHost02.enterprise.com@MY.SVCREALM.COM webapp_http.keytab NODE_HTTP_SPN
Node03 isp/Node03/InfaDomain@MY.SVCREALM.COM Node03.keytab NODE_SPN
Node03 HTTP/NodeHost03.enterprise.com@MY.SVCREALM.COM webapp_http.keytab NODE_HTTP_SPN
Service Principals at Process Level
The following example shows the contents of the SPNKeytabFormat.txt file generated for service principals at the process level:
ENTITY_NAME SPN KEY_TAB_NAME KEY_TAB_TYPE
Node01 isp/Node01/InfaDomain@MY.SVCREALM.COM Node01.keytab NODE_SPN
Node01 _AdminConsole/Node01/InfaDomain@MY.SVCREALM.COM _AdminConsole.keytab NODE_AC_SPN
Node01 HTTP/NodeHost01.enterprise.com@MY.SVCREALM.COM webapp_http.keytab NODE_HTTP_SPN
Node02 isp/Node02/InfaDomain@MY.SVCREALM.COM Node02.keytab NODE_SPN
Node02 _AdminConsole/Node02/InfaDomain@MY.SVCREALM.COM _AdminConsole.keytab NODE_AC_SPN
Node02 HTTP/NodeHost02.enterprise.com@MY.SVCREALM.COM webapp_http.keytab NODE_HTTP_SPN
Service10:Node01 Service10/Node01/InfaDomain@MY.SVCREALM.COM Service10.keytab SERVICE_PROCESS_SPN
Service100:Node02 Service100/Node02/InfaDomain@MY.SVCREALM.COM Service100.keytab SERVICE_PROCESS_SPN
Service200:Node02 Service200/Node02/InfaDomain@MY.SVCREALM.COM Service200.keytab SERVICE_PROCESS_SPN