Configure Kerberos authentication on TEXTML Server
To enable Kerberos user authentication, you modify the IXIASOFT TEXTML Server configuration.
Understanding Service Principal Names
To use Kerberos authentication, you need to create Service Principal
Names (SPN) for the server in the Active Directory. The SPN is a unique identifier that
must be created for each service that will use Kerberos authentication, so that clients
can locate it over a network. The SPN is assigned to the account that is running TEXTML
Server. The account that you assign it to depends on your configuration:
The SPN is the name that users will enter when they add a server to an
administration console. - If the TEXTML Server service runs under
the "Local Service" (default) or "System" account, the SPN is assigned to the NetBIOS name of the machine (for example,
machinename@acme.local
). Note that the TEXTML Server service should not run as the Local Service if one of the following conditions apply:- TEXTML Server is installed in a Windows cluster,
- There are multiple Active Directory Forests in the network, or
- An Active Directory Forest includes many domains
- If the TEXTML Server service is running
as another user, the SPN is assigned to this user name (for
example,
myusername@acme.local
). This user name must be unique in the Active Directory. - If the TEXTML Server service is running
in a cluster, the SPN must be assigned to the user name
(for example,
myusername@acme.local
) and not the machine name, so that it can still be reached in case of a cluster failover.
Note: Kerberos delegation must also be enabled on the computer or user
account.
When enabled, Kerberos authentication is performed each time a user attempts to connect to a TEXTML Server instance. For more information about Kerberos, see Microsoft's article at the following URL:
http://msdn.microsoft.com/en-us/library/ms178119(v=sql.105).aspx
This procedure:- Creates Service Principal Names (SPN) for the TEXTML Server service in the Active Directory of the Kerberos server.
- TEXTML ServerEnables Kerberos delegation for the machine or user account.
- Enables TEXTML Server authentication in the TEXTML Server configuration.
Kerberos authentication requires that TEXTML Server runs on a recent version of Windows server with Active Directory.
The following commands must be run using Administrator privileges in an elevated command prompt.
To enable Kerberos authentication: