Configure the Kerberos configuration properties

 

+

Search Tips   |   Advanced Search

 

The Kerberos configuration properties files...

...must be configured on every WAS instance in a cell in order to use the SPNEGO TAI for WAS.

You search for the default Kerberos configuration file in the order as follows:

  1. The file referenced by the Java property java.security.krb5.conf
  2. <java.home>/lib/security/krb5.conf
  3. c:\winnt\krb5.ini on Microsoft Windows platforms
  4. /etc/krb5/krb5.conf on UNIX platforms
  5. /etc/krb5.conf on Linux platforms.

A configuration file for a Kerberos configuration on a UNIX platform follows:

[libdefaults]
 default_realm = WSSEC.AUSTIN.IBM.COM
        default_keytab_name = FILE:/etc/krb5.keytab
        default_tkt_enctypes = des-cbc-md5
        default_tgs_enctypes = des-cbc-md5
[realms]
        WSSEC.AUSTIN.IBM.COM = {
  kdc = axel.austin.ibm.com:88
              default_domain = austin.ibm.com        
}
[domain_realm]
        .austin.ibm.com = WSSEC.AUSTIN.IBM.COM

In the above example, the Kerberos key distribution center (KDC) is axel.austin.ibm.com:88. The Kerberos keytab file is located at: FILE:/etc/krb5.keytab. The Kerberos realm name is WSSEC.AUSTIN.IBM.COM, which is also the Microsoft domain controller. After you update your Kerberos configuration properties for your particular system deployment, your Kerberos configuration is ready for use with the SPNEGO TAI.


Sub-topics


Creating the Kerberos configuration file for use with the SPNEGO TAI

 

Related tasks


Creating the Kerberos keytab file
Configure WAS environment to use SPNEGO

 

Related Reference


Kerberos configuration requirements for SPNEGO TAI

 

Reference topic