How to Configure Vector to Use Kerberos
The process for configuring Vector to use Kerberos is as follows:
1. Set the basic configuration for using Kerberos by doing either of the following:
2. Set other parameters in Configuration-By-Forms, as needed, according to your environment.
3. Obtain authorization tickets by using the kinit command (Windows, Linux), the Leash Utility (Windows), or the Network Identity Manager (Windows).
4. Stop and restart Vector.
Startup will be successful if the Kerberos GSS API library exists in your LD_LIBRARY_PATH definition (Linux), or if the GSSAPI64.DLL and GSSAPI32.DLL files reside in your system environment path (Windows).
5. Test your server using a loopback test.
To test a loopback connection using Kerberos, the local Name Server must be configured for Kerberos authentication by using the iisukerberos utility or by setting the “remote_mechanism” setting in the Name Server to “kerberos” in the Configuration-By-Forms utility. In addition, your loopback vnode entry, as defined in netutil, must have an attribute named “authentication_mechanism” and an attribute value of “kerberos”, as described in
vnode Connection Attributes--Configure Client in a Heterogeneous Kerberos Environment.
If you do not want to define a loopback vnode, proceed to step 7.
6. Test your connection using the Terminal Monitor, as follows:
sql loopback::iidbdb
The loopback vnode should be as described in the preceding step.
7. Set up your clients. Your netutil definitions are almost the same as when using os-level authentication, but you should leave the login/password data blank.