Configuring Kerberos authentication for OpenAccess SDK Server

In your data access service or your OpenAccess SDK Agent service, set ServiceAuthMethods attribute to a value of kerberos.

In the server data source, set the DataSourceLogonMethod attribute to a value of OSIntegrated. This allows the service to authenticate the client using the operating system user ID and password.

If you installed the OpenAccess SDK Server on Windows, skip to Step 3.

If you installed the OpenAccess SDK Server on Linux and UNIX, modify the krb5.conf file to contain your Kerberos realm name and the KDC name for that Kerberos realm. Modify the krb5.conf file by editing the file with a text editor.

Note: In Windows Active Directory, the Kerberos realm name is the Windows domain name and the KDC name is the Windows domain controller name.

For example, if your Kerberos realm name is XYZ.COM and your KDC name is kdc1, your krb5.conf file would look like this:

[libdefaults]
default_realm = XYZ.COM
default_keytab_name = FILE:/installdir/lib/krb5/krb5.keytab
default_tkt_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5 des-cbc-crc
[realms]
XYZ.COM = {
kdc = kdc1:88
admin_server = server1.eu.xyz.com:749
default_domain = kdc1
};
[domain_realm]
.xyz.com = XYZ.COM
.eu.xyz.com = XYZ.COM
[logging]
kdc = FILE:/var/krb5/log/krb5kdc.log
admin_server = FILE:/var/krb5/log/kadmin.log
default = FILE:/var/krb5/log/krb5lib.log 

(Optional) If you want to use a service principal name other than the default name to identify the OpenAccess SDK service, specify a value for the ServiceKerberosPrincipalName attribute for data access services or the ServiceAdminKerberosPrincipalName attribute for OpenAccess SDK Agent services. See ServiceKerberosPrincipalName and ServiceAdminKerberosPrincipalName for details.