

Set Up Keytab Authentication Using the CA IAM CS Host Principal if Keytab File Does Not Exist

To set up keytab authentication using the host principal if the default keytab file does not exist, you need to create a new keytab file.

To specify keytab authentication using the CA IAM CS host principal if keytab file does not exist

  1. Enter the following command in kadmin:
    kadmin: ktadd -k temp_keytab jcs-host-principal
    

    Kerberos adds the entries into a temporary keytab.

    Note: This command creates a new randomized password for the host principal, so any entries for the host principal in any existing keytab file are no longer valid.

  2. In the KDC, modify the kadm5.acl file using a text editor.

    The connector adds the necessary privileges to the host principal.

    Note: Use * to specify all privileges.

  3. In the Provisioning Manager, on the Endpoint Property sheet, click the Properties tab.

    The Properties tab is displayed.

  4. Select the Keytab option.
  5. Leave the Keytab and Principal fields blank.
  6. Click Apply.

    The Kerberos Connector uses the CA IAM CS host principal for keytab authentication.
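
To see what the `*` entry from step 2 grants, the following added example (not part of the product documentation) evaluates kadm5.acl entries in the MIT Kerberos format for one principal and returns its expanded privilege letters. The principal names, the realm and the sample ACL are constructed placeholders, and the optional target-principal and restriction fields are ignored.

```python
# Added example: evaluate MIT Kerberos kadm5.acl entries for one principal.
ALL = "admcilsp"   # letters that "x" and "*" stand for; "e" is not included
ORDER = ALL + "e"  # "e" (extract keys) must be granted explicitly

# Constructed sample ACL; the principal names and realm are placeholders.
SAMPLE_ACL = """\
# actor principal                   privileges
*/admin@EXAMPLE.COM                 admcil
host/jcs.example.com@EXAMPLE.COM    *
*/*@EXAMPLE.COM                     i
"""

def split_principal(name):
    body, _, realm = name.partition("@")
    return body.split("/") + [realm]

def matches(pattern, principal):
    """Component-wise match; a component or realm of '*' matches anything."""
    want, have = split_principal(pattern), split_principal(principal)
    return len(want) == len(have) and all(
        w == "*" or w == h for w, h in zip(want, have))

def expand(perms):
    """Apply letters left to right: lowercase grants, uppercase revokes."""
    granted = set()
    for ch in perms:
        low = ch.lower()
        letters = set(ALL) if low in ("x", "*") else {low}
        if not letters <= set(ORDER):
            raise ValueError(f"unknown privilege letter: {ch!r}")
        granted = granted - letters if ch.isupper() else granted | letters
    return "".join(c for c in ORDER if c in granted)

def privileges_for(acl_text, principal):
    """Return the expanded privileges of the first entry matching principal.

    The optional target-principal and restriction fields are ignored here.
    """
    for line in acl_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        if matches(fields[0], principal):
            return expand(fields[1])
    return ""

if __name__ == "__main__":
    print(privileges_for(SAMPLE_ACL, "host/jcs.example.com@EXAMPLE.COM"))
```

The first matching entry decides the result, so an earlier wildcard entry can override a later, narrower one for the host principal.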