Connector GuidesConnectors GuideConnecting to EndpointsKerberos ConnectorKerberos Installation and DeploymentKeytab and Cross-realm Paths SetupHow to Set Up the Java CS Host to be a Member of the Target Realm › Set Up Keytab Authentication Using the Java CS Host Principal if Keytab File Exists

Previous Topic: Set Up Keytab Authentication Using the Java CS Host Principal if Keytab File Does Not Exist

Next Topic: Set Up Keytab Authentication Using a Custom Keytab and the Java CS Host Principal

Set Up Keytab Authentication Using the Java CS Host Principal if Keytab File Exists

To set up keytab authentication using the host principal if the keytab file exists, you need to add keytab entries for the Java CS host principal to the default /etc/krb5/krb5.keytab file.

To specify keytab authentication using the Java CS host principal if keytab file exists

  1. Enter the following commands in ktutil: 
    ktutil: read_kt temp_keytab 

    ktutil: read_kt /etc/krb5/krb5.keytab

    Kerberos reads both keytabs.

  2. Enter the following command in ktutil: 
    ktutil: write_kt /etc/krb5/krb5.keytab

    Note: Make sure that the entries for the host principal are the same, and are the latest key version number.

    Kerberos writes the entries to the default keytab file and the temporary keytab file is merged into the default keytab.

  3. In the KDC, modify the kadm5.acl file using a text editor.

    The connector adds the necessary privileges to the host principal.

    Note: Use * to specify all privileges.

  4. In the Provisioning Manager, on the Endpoint Property sheet, click the Properties tab.

    The Properties tab is displayed.

  5. Select the Keytab option.
  6. Leave the Keytab and Principal fields blank.
  7. Click Apply.

    The Kerberos Connector uses the Java CS host principal for keytab authentication.