You can configure Kerberos as required.
Properties that are highlighted as cross-tenant properties can only be changed using ARIS Cloud Controller Command-line Tool. To change these settings, enter the following:
reconfigure umcadmin_<size of your installation, s, m, or l> JAVA-D<property name>="<value>"
Example
reconfigure umcadmin_m JAVA-Dcom.aris.umc.loadbalancer.url="https://myserver.com"
General
| Key | Description | Valid input | Example |
|---|---|---|---|
| com.aris.umc.kerberos.active | Use Kerberos: Specifies whether a Kerberos-based login is allowed. | True, False | |
| com.aris.umc.kerberos.kdc | KDC: Specifies the fully qualified name of the central Key Distribution Center (KDC). This is usually the fully qualified host name of the LDAP server. | String | mykdc.mydomain.com |
| com.aris.umc.kerberos.realm | Realm: Specifies the realm of Kerberos tickets. Fully qualified domain name in uppercase letters. | String | MY.CORP.SOFTWAREAG.COM |
| com.aris.umc.kerberos.servicePrincipalName | Principal: Specifies the name of the technical user used for verifying Kerberos tickets. If Kerberos is used, each user, computer or service provided by a server must be defined as a principal. | String | MyLogin |
| com.aris.umc.kerberos.keyTab | Key table: Specifies the location of the keytab file that is used for Kerberos tickets. The file can be uploaded directly. | String | C:/safePlace/krb-umc.keytab |
| com.aris.umc.kerberos.config | Configuration file: Storage location of the configuration file for Kerberos. The file can be uploaded directly. | String | ./config/Kerberos/krb5.conf |
Advanced settings
| Key | Description | Valid input | Example |
|---|---|---|---|
| com.aris.umc.kerberos.debug | Debug output: Specifies whether debug output is allowed for Kerberos operations. | True, False | |
| com.aris.umc.kerberos.allowLocalUsers | Allow local users: Specifies whether the LDAP connection is mandatory for Kerberos-based login. If this option is enabled, Kerberos is used for the login of local users also. | True, False | |
| com.aris.umc.kerberos.validateuser | Ignore realm from service ticket: Specifies whether or not the realm defined for the user principal name provided in the Kerberos ticket is to be ignored. The default value is false. | True, False | |
| com.aris.umc.kerberos.tenant | Default tenant: Specifies the default tenant for a Kerberos-based login. Cross-tenant property that can only be changed using ARIS Cloud Controller. For further information, refer to ARIS Cloud Controller (ACC) Command-line Tool manual. | True, False | |
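
A pre-flight check for the values in the tables above, as an added example that is not part of the ARIS documentation or product: it validates the boolean, realm and KDC formats described above before they are applied. As an assumption of this example, it also expects the krb5.conf referenced by com.aris.umc.kerberos.config to list the same realm and KDC. The function names and sample inputs are constructed for illustration.

```python
import re

PREFIX = "com.aris.umc.kerberos."
BOOLEAN_KEYS = ("active", "debug", "allowLocalUsers", "validateuser")
FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)+[A-Za-z]{2,63}$")
# Constructed sample input: values from the Example column, krb5.conf in MIT syntax.
SAMPLE_PROPS = {PREFIX + "active": "True", PREFIX + "debug": "False",
                PREFIX + "kdc": "mykdc.mydomain.com",
                PREFIX + "realm": "MY.CORP.SOFTWAREAG.COM"}
SAMPLE_KRB5 = """[realms]
    MY.CORP.SOFTWAREAG.COM = {
        kdc = mykdc.mydomain.com:88
    }
"""

def krb5_realm_kdcs(conf_text):
    """Map each realm in the [realms] section to its kdc host names."""
    realms, section, current = {}, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.startswith("["):             # new section header
            section, current = line.strip("[]").lower(), None
        elif section == "realms" and line.endswith("{"):
            current = line.split("=", 1)[0].strip()
            realms[current] = []
        elif line.startswith("}"):
            current = None
        elif current and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "kdc":                 # drop an optional :port suffix
                realms[current].append(value.split(":")[0].lower())
    return realms

def lint(props, conf_text):
    """Return a list of findings; an empty list means no problem was found."""
    get = lambda key: props.get(PREFIX + key, "")
    findings = []
    for key in BOOLEAN_KEYS:
        if get(key) and get(key).lower() not in ("true", "false"):
            findings.append(f"{key}: expected True or False")
    realm, kdc = get("realm"), get("kdc")
    if not FQDN.match(realm) or realm != realm.upper():
        findings.append("realm: must be a fully qualified domain name in uppercase")
    if not FQDN.match(kdc):
        findings.append("kdc: must be a fully qualified host name")
    kdcs = krb5_realm_kdcs(conf_text).get(realm)   # assumed consistency check
    if kdcs is None or kdc.lower() not in kdcs:
        findings.append("krb5.conf: [realms] has no entry pairing this realm and kdc")
    return findings
```
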