Creating a keytab file for the Kerberos service account (using the ktutil command on Linux)

https://docs.tibco.com/pub/spotfire_server/7.13.0/doc/html/TIB_sfire_server_tsas_admin_help/GUID-27726F6E-569C-4704-8433-5CCC0232EC79.html

This method of creating a keytab file on Linux uses the ktutil command.

Prerequisites

  • Kerberos is installed on the Linux host where Spotfire Server is installed.
  • The tools ktutil, klist, and kinit are available on the Linux host.

Procedure

  1. Start the ktutil tool by invoking it from the command line without any arguments. Execute the commands below, replacing <database account name> with the user login name of the Spotfire database account, written in lowercase letters:

    > ktutil
    
    ktutil:  add_entry -password -p <database account name> -k 0 -e aes128-sha1
    
    Password for <database account name>:
    
    ktutil:  write_kt spotfire-database.keytab
    
    ktutil:  quit

    Note: All values are case sensitive.

    Note: It is not critical to use the name "spotfire‐database.keytab" for the keytab file, but the following instructions assume that this name is used.

    The tool prompts you for the password of the service account.

  2. Enter the password that you used when creating the Spotfire database account.
  3. Verify the created keytab by running the klist and kinit utilities:

    > klist  -k spotfire-database.keytab
    
    > kinit  -k  -t spotfire-database.keytab <database account name>@<realm>

    Note: If you change the password of the Kerberos service account, you must re-create the keytab file.

    Creating and verifying a keytab file for the "serverdb_user" Spotfire database account in the research.example.com domain:

    > ktutil
    
    ktutil:  add_entry -password -p serverdb_user -k 0 -e rc4-hmac-nt
    
    Password for serverdb_user:
    
    ktutil:  write_kt spotfire-database.keytab
    
    ktutil:  quit
    
    > klist -k spotfire-database.keytab
    
    > kinit -k -t spotfire-database.keytab [email protected]
  4. Copy the spotfire-database.keytab file to the following Spotfire Server directory: <installation dir>/jdk/jre/lib/security.

    Note: Because this file contains sensitive information, it must be handled with care. The file must not under any circumstances be readable by unauthorized users.

    Note: If you change the password of the Kerberos service account, you must re-create the keytab file.

原文地址:https://www.cnblogs.com/frankzye/p/12303953.html

时间: 2024-10-07 18:33:33

Creating a keytab file for the Kerberos service account (using the ktutil command on Linux)的相关文章

TFS Build Error: CSC : fatal error CS0042: Unexpected error creating debug information file &#39;xxxx.PDB&#39;

CSC : fatal error CS0042: Unexpected error creating debug information file 'xxxx.PDB' -- 'c:\Builds\xxxx.pdb: The process cannot access the file because it is being used by another process. 查看了详细的Build Log, 发现了同样的一文件被build了两次. 原因是 Solution 中的 Project

oracle rman catalog--ORA-01580: error creating control backup file

在测试rman catalog时,错误的设置了snapshot路径,报错 RMAN> show snapshot controlfile name; RMAN configuration parameters for database with db_unique_name ORCL are: CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/u01/app/oracle/product/11.2.0/db_1/dbs/snapcf_orcl.f'; # defa

错误: No API token found for service account &quot;default&quot;,

[[email protected] pods]# kubectl create -f mysql.yaml Error from server (ServerTimeout): error when creating "mysql.yaml": No API token found for service account "default", retry after the token is automatically created and added to t

Deploying OpenFire for IM (instant message) service (TCP/IP service) with database MySQL , client Spark on linux部署OpenFire IM 消息中间件服务

Are you a hacker? How to build another QQ/Wechat/whatsapp/skype/imessage? Let's go through this!!!! Materials: A linux/unix/windows/mac computer/server, and do some basic things! Are you feeling high? Okay, let's ride the rocket! Get materials: 1. A

Reporting Service 配置Service Account

1,Service Account SSRS以一个Service方式实现,有三部分组成:Web Service,Report Manager和一个后台的进程,这个Service运行的账号就是Service Account.虽然Report Server Web service and Report Manager都是Asp.net应用程序,但是他们并不运行在Asp.net应用程序的 Account(在 Application Pool 中配置 Identity)下,Report Server W

SQL Server 2012 Managed Service Account

原创地址:http://www.cnblogs.com/jfzhu/p/4007472.html 转载请注明出处 (一)Windows服务使用的登陆帐号 Windows服务只有登录到某一帐户的情况下才能访问操作系统中的资源和对象.服务一般不要更改默认的登录帐户,否则可能导致服务失败.如果选定帐户没有足够的权限,Microsoft 管理控制台(MMC)的服务管理单元将自动为该帐户授予登录所管理计算机中服务的用户权限.Windows Server 的服务可以用域帐户或者三个内置的本地帐户作为各系统服

kubernetes的Service Account

Service account作用Service account是为了方便Pod里面的进程调用Kubernetes API或其他外部服务. Service account使用场景运行在pod里的进程需要调用Kubernetes API以及非Kubernetes API的其它服务.Service Account它并不是给kubernetes集群的用户使用的,而是给pod里面的进程使用的,它为pod提供必要的身份认证. 与User account区别(1)User account是为人设计的,而se

kubernetes的Service Account和secret

系列目录 Service Account Service Account概念的引入是基于这样的使用场景:运行在pod里的进程需要调用Kubernetes API以及非Kubernetes API的其它服务.Service Account它并不是给kubernetes集群的用户使用的,而是给pod里面的进程使用的,它为pod提供必要的身份认证. kubectl get sa --all-namespaces NAMESPACE NAME SECRETS AGE default build-robo

Using AFNetWorking 2.0 upload file to php web service server based on Slim

Recently i am developing the IOS app, a feature is needed to upload image to the webservice server. I am using the AFNetworking library. The function is as follow. -(void)SendImage:(NSData *)imgData { NSDictionary *parameters = @{@"ShopID": [NSS