Additional Configuration for Kerberos on Windows
The following actions are required on the Federation Manager server when using Kerberos on Windows:
- Configure a Kerberos configuration file (krb5.ini) and place krb5.ini in the Windows system root path:
  - Configure the KDC for the Windows 2003 Kerberos realm (domain) to use the Windows 2003 domain controller.
  - Configure krb5.ini to use the Windows 2003 KDC keytab file containing the credentials of the workstation principal.

    [libdefaults]
        default_realm = IDP.COM
        default_keytab_name = C:\WINDOWS\krb5.keytab
        default_tkt_enctypes = des-cbc-md5 rc4-hmac
        default_tgs_enctypes = des-cbc-md5 rc4-hmac
    [realms]
        IDP.COM = {
            kdc = winkdc.idp.com:88
            default_domain = IDP.COM
        }
    [domain_realm]
        .idp.com = IDP.COM

- Deploy the Windows 2003 KDC keytab file to a secure location (as mentioned for krb5.ini).
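
The following is an added example, not part of the original guide or of Federation Manager: a Python check that parses a krb5.ini such as the sample above and reports weak encryption types, a default realm without a KDC, domain mappings to undefined realms, and a missing keytab path. The function names `parse_krb5` and `audit` are assumptions chosen for illustration, and the embedded sample is a copy of the page's configuration.

```python
import re

# Constructed sample: the krb5.ini from this page, embedded for offline use.
SAMPLE = r"""[libdefaults]
default_realm = IDP.COM
default_keytab_name = C:\WINDOWS\krb5.keytab
default_tkt_enctypes = des-cbc-md5 rc4-hmac
default_tgs_enctypes = des-cbc-md5 rc4-hmac
[realms]
IDP.COM = {
kdc = winkdc.idp.com:88
default_domain = IDP.COM
}
[domain_realm]
.idp.com = IDP.COM
"""
# Single DES is deprecated by RFC 6649, RC4-HMAC by RFC 8429 (des3-* is not matched).
WEAK = re.compile(r"^(des|rc4|arcfour)(-|$)", re.I)

def parse_krb5(text):
    """Parse krb5.ini into {section: {key: value or nested dict}}; repeated keys keep the last value."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section, block = conf.setdefault(line[1:-1], {}), None
        elif line == "}":                        # end of a realm block
            block = None
        elif "=" in line and section is not None:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":                     # start of a realm block
                block = section.setdefault(key, {})
            else:
                (block if block is not None else section)[key] = value
    return conf

def audit(conf):
    """Return a list of findings (hypothetical helper, not part of Federation Manager)."""
    lib, realms, out = conf.get("libdefaults", {}), conf.get("realms", {}), []
    for key in ("default_tkt_enctypes", "default_tgs_enctypes"):
        out += [f"{key}: weak enctype {e}" for e in lib.get(key, "").replace(",", " ").split() if WEAK.match(e)]
    if "kdc" not in realms.get(lib.get("default_realm"), {}):
        out.append("realms: default_realm has no kdc entry")
    out += [f"domain_realm: {d} maps to undefined realm {r}"
            for d, r in conf.get("domain_realm", {}).items() if r not in realms]
    if not lib.get("default_keytab_name"):
        out.append("libdefaults: default_keytab_name is not set")
    return out

if __name__ == "__main__":
    print("\n".join(audit(parse_krb5(SAMPLE))))
```

Run against the sample, the check reports both `des-cbc-md5` and `rc4-hmac` in each of the two enctype lists and raises no findings for the realm, domain mapping, or keytab settings.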
Copyright © 2012 CA. All rights reserved.