
Adding Kerberos Realms

Prerequisites

You have configured the KDC and UME as required.

For more information, see Configuring Kerberos Authentication.

Procedure

  1. Start the SPNego configuration application.

    For more information, see Starting the SPNego Configuration Application.

  2. Choose the Add pushbutton and follow the appropriate procedure below:
    • Manually - Use this option if you know the service user password.

      1. Enter the realm name and description.

      2. Enter data for the service user. Make sure the password is correct. The SPNego configuration application does not verify the user name and password. If you specify an incorrect password, SPNego will not work at runtime.

      3. In the Keys step, configure encryption types, if necessary.

      4. In the User Mapping step, specify how the KPN will be mapped to a UME user by selecting a mapping mode and source.

    • Uploading Keytab File - Use this approach if you do not know the service user password, but you have a keytab file instead.

      Caution

      Make sure the keytab file is received from a trusted source through a secure communication channel.

      1. In the Keytab step, select a keytab file that contains the keys for the service user.

        Example

        You can generate a keytab file of this type using the Java utility ktab (distributed with JRE 1.6, for example) as follows:

        ktab.exe -a jee-jd1-hades@IT.CUSTOMER.DE passwordforhades -k myKeytabHades

      2. In the Realm step, select the domain that you want to use. The keytab file may contain keys for service users for several domains.

      3. In the Keys step, you can see the keys found for the selected domain. Select the desired keys.

      4. In the User Mapping step, specify how the KPN will be mapped to a UME user by selecting a mapping mode and source.

  3. Select the new realm and choose the Enable pushbutton.