Kerberos keys

You can configure Kerberos as required.

Properties that are highlighted as cross-tenant properties can only be changed using the ARIS Cloud Controller (ACC) command-line tool. To change these settings, enter the following:

reconfigure umcadmin_<size of your installation, s, m, or l> JAVA-D<property name>="<value>"

Example

reconfigure umcadmin_m JAVA-Dcom.aris.umc.loadbalancer.url="https://myserver.com"

General

| Key | Description | Valid input | Example |
|---|---|---|---|
| com.aris.umc.kerberos.active | Use Kerberos: Specifies whether a Kerberos-based login is allowed. | true, false | |
| com.aris.umc.kerberos.kdc | KDC: Specifies the fully qualified name of the central Key Distribution Center (KDC). This is usually the fully qualified host name of the LDAP server. | String | 049bfs01.me.corp.softwareag.com |
| com.aris.umc.kerberos.realm | Realm: Specifies the realm of Kerberos tickets. Fully qualified domain name in uppercase letters. | String | MY.CORP.SOFTWAREAG.COM |
| com.aris.umc.kerberos.servicePrincipalName | Principal: Specifies the name of the user used for verifying Kerberos tickets. If Kerberos is used, each user, computer or service provided by a server must be defined as a principal. | String | MyLogin |
| com.aris.umc.kerberos.keyTab | Key table: Specifies the location of the keytab file that is used for Kerberos tickets. The file can be uploaded directly. | String | C:/safePlace/krb-umc.keytab |
| com.aris.umc.kerberos.config | Configuration file: Storage location of the configuration file for Kerberos. The file can be uploaded directly. | String | ./config/Kerberos/krb5.conf |

Advanced settings

| Key | Description | Valid input | Example |
|---|---|---|---|
| com.aris.umc.kerberos.debug | Debug output: Specifies whether debug output is allowed for Kerberos operations. | true, false | |
| com.aris.umc.kerberos.allowLocalUsers | Allow local users: Specifies whether the LDAP connection is mandatory for Kerberos-based login. If this option is enabled, Kerberos is used for the login of local users also. | true, false | |
| com.aris.umc.kerberos.validateuser | Ignore realm from service ticket: Specifies whether or not the realm defined for the user principal name provided in the Kerberos ticket is to be ignored. The default value is false. | true, false | |
| com.aris.umc.kerberos.tenant | Default tenant: Specifies the default tenant for a Kerberos-based login. Cross-tenant property that can only be changed using ARIS Cloud Controller. For further information, refer to the ARIS Cloud Controller (ACC) Command-line Tool manual. | true, false | |
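
The following Python check is an added example, not part of the ARIS documentation or tooling: it validates a set of the properties above against the value rules in the two tables before they are applied. The function name, the sample dictionary, the requirement that principal and keytab are set, and the two warnings are assumptions made for illustration.

```python
import re

# At least two dot-separated labels, as expected for the KDC host and the realm.
FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9-]{2,63}$")
PREFIX = "com.aris.umc.kerberos."
BOOL_KEYS = ("active", "debug", "allowLocalUsers", "validateuser")

# Constructed sample, built from the example values shown in the tables.
SAMPLE = {
    PREFIX + "active": "true",
    PREFIX + "kdc": "049bfs01.me.corp.softwareag.com",
    PREFIX + "realm": "MY.CORP.SOFTWAREAG.COM",
    PREFIX + "servicePrincipalName": "MyLogin",
    PREFIX + "keyTab": "C:/safePlace/krb-umc.keytab",
    PREFIX + "debug": "false",
}


def check_kerberos_settings(props):
    """Return a list of (severity, key, message) findings for a property dict."""
    findings = []

    def get(name):
        return props.get(PREFIX + name, "").strip()

    for name in BOOL_KEYS:
        if get(name) and get(name) not in ("true", "false"):
            findings.append(("error", PREFIX + name, "must be true or false"))
    if get("active") != "true":
        return findings  # Kerberos login is off; the remaining keys are not checked

    if not FQDN.match(get("kdc")):
        findings.append(("error", PREFIX + "kdc", "not a fully qualified host name"))
    realm = get("realm")
    if not FQDN.match(realm) or realm != realm.upper():
        findings.append(("error", PREFIX + "realm", "must be an uppercase FQDN"))
    # Assumption: ticket verification needs both a principal and its keytab.
    for name in ("servicePrincipalName", "keyTab"):
        if not get(name):
            findings.append(("error", PREFIX + name, "empty while Kerberos is active"))
    # Editorial hardening warnings (assumptions, not requirements stated by the page).
    if get("debug") == "true":
        findings.append(("warn", PREFIX + "debug", "debug output is enabled"))
    if get("validateuser") == "true":
        findings.append(("warn", PREFIX + "validateuser", "realm from the ticket is ignored"))
    return findings
```

Run `check_kerberos_settings(SAMPLE)` on the values you intend to set; an empty list means no finding.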