BusinessObjects Enterprise Administrator's Guide

Configuring Kerberos for Windows Active Directory authentication

You must modify your system configuration before you can use Kerberos with Windows Active Directory authentication.

Note:    

To configure Kerberos with Windows Active Directory authentication
  1. Configure Kerberos with Windows Active Directory authentication on your BusinessObjects Enterprise system. For more information, see Configuring the Windows AD plug-in for Kerberos authentication.
  2. Download and install MIT Kerberos for Windows 2.6.5 from the \add-ons\third_party\MIT_Kerberos directory on your Collaterals CD.
  3. Add the following to your Kerberos krb5.ini configuration file, where DNS.COM is the DNS name of your domain in uppercase:

    4. Note:    

  4. Create a keytab for your service account.

    5. On the domain controller, type the following command, where svcacct is the name of your service account, DNS.COM is your domain in uppercase, and my_password is your password:

    Note:    For a Windows 2003 domain, add the following parameter to the command:

  5. Copy and install the keytab to your machine that runs the CMS. Place the keytab in the same location that you specified in default_keytab_name of krb5.ini.
  6. Go to the Authentication management area of the CMC.
  7. Click the Windows AD tab.
  8. In the Service Principal Name box, enter the service principal name of the service account.

    9. Use the following format, where svcacct is the name of your service account, and DNS.COM is your domain in uppercase:

  9. Add the following to your JAAS bscLogin.conf configuration file:

    10. Note:    


Business Objects
http://www.businessobjects.com/
Support services
http://www.businessobjects.com/services/support/
Product Documentation on the Web
http://support.businessobjects.com/documentation/