zoukankan      html  css  js  c++  java

  • Creating a keytab file for the Kerberos service account (using the ktutil command on Linux)

    https://docs.tibco.com/pub/spotfire_server/7.13.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-27726F6E-569C-4704-8433-5CCC0232EC79.html

    This method of creating a keytab file on Linux uses the ktutil command.

    Prerequisites

    • Kerberos is installed on the Linux host where Spotfire Server is installed.
    • The tools ktutil, klist, and kinit are available on the Linux host.

    Procedure

    1. Start the ktutil tool by invoking it from the command line without any arguments. Execute the commands below, replacing <database account name> with the user login name of the Spotfire database account, written in lowercase letters: 
      > ktutil

ktutil:  add_entry -password -p <database account name> -k 0 -e aes128-sha1

Password for <database account name>:

ktutil:  write_kt spotfire-database.keytab

ktutil:  quit
      Note: All values are case sensitive.
      Note: It is not critical to use the name "spotfire‐database.keytab" for the keytab file, but the following instructions assume that this name is used.
      The tool prompts you for the password of the service account.
    2. Enter the password that you used when creating the Spotfire database account.
    3. Verify the created keytab by running the klist and kinit utilities: 
      > klist  -k spotfire-database.keytab

> kinit  -k  -t spotfire-database.keytab <database account name>@<realm>
      Note: If you change the password of the Kerberos service account, you must re-create the keytab file.
      Creating and verifying a keytab file for the "serverdb_user" Spotfire database account in the research.example.com domain: 
      > ktutil

ktutil:  add_entry -password -p serverdb_user -k 0 -e rc4-hmac-nt

Password for serverdb_user:

ktutil:  write_kt spotfire-database.keytab

ktutil:  quit

> klist -k spotfire-database.keytab

> kinit -k -t spotfire-database.keytab serverdb_user@RESEARCH.EXAMPLE.COM
    4. Copy the spotfire-database.keytab file to the following Spotfire Server directory: <installation dir>/jdk/jre/lib/security.
      Note: Because this file contains sensitive information, it must be handled with care. The file must not under any circumstances be readable by unauthorized users.
      Note: If you change the password of the Kerberos service account, you must re-create the keytab file.
     
  • 相关阅读:
    Android开发经验一判断当前屏幕是全屏还是非全屏
    Android得到控件在屏幕中的坐标
    MyBatis简单的增删改查以及简单的分页查询实现
    Coreseek:第二步建索引及測试
    极静之渊
    统计电影票房排名前10的电影并存入还有一个文件
    AAA
    FreeLink开源呼叫中心设计思想
    树后台数据存储(採用webmethod)
    [乐意黎原创] 百度统计这个坑爹货
  • 原文地址:https://www.cnblogs.com/frankzye/p/12303953.html
Copyright © 2011-2022 走看看