Before using Kerberos with Vector, Kerberos should be appropriately configured in your enterprise.

A primary component of Kerberos is the Key Distribution Center (KDC). The KDC is a server process that performs the core authentication. The authentication protocol is a set of encrypted tickets that are passed from the KDC to client processes or intermediate agents known as “service principals.” For the sake of simplicity, let us assume that a single KDC will perform the Kerberos authentication.

If the enterprise contains only one DBMS Server, a possible option is to execute the KDC on the same machine as the DBMS Server:

If enough resources are available, it is desirable to install the KDC on a network node separate from the Vector installation. In this way, security restrictions can be imposed on the Kerberos node that may not be possible if Kerberos resided on the same machine as a DBMS Server:

The example above demonstrates why Kerberos is sometimes referred to as “distributed authentication.” The KDC performs authentication for all Vector nodes in the enterprise, even though the KDC itself resides on a separate network node.

Here are examples of Kerberos configuration files. These examples assume that the KDC resides on the node foo.xyz.com and the Kerberos domain is named MYDOMAIN.XYZ.COM,

The krb5.conf file may look like this:

The kdc.conf file may look like this: