Software AG Products 10.7 | Integrating On-Premises and Cloud Applications | Administering Integration Server | Configuring Integration Server to Use Kerberos | Configuring Integration Server to Use Kerberos | Order of Precedence for Principal Name and Password
 
Order of Precedence for Principal Name and Password
The Kerberos login module uses the principal name and password to authenticate the principal to the key distribution center (KDC). However, you can specify principal name and password in other locations.
*You can specify the principal name in the is_jaas.cnf file, which is the JAAS login configuration file, and the principal password in the keytab file. You must set principal=client_principal_name and useKeyTab=true in the is_jaas.cnf file to use the specific principal name and the corresponding password specified in the keytab file.
Note:
If you use this mode to specify the principal, the use of the Kerberos login module is restricted to that principal.
*For inbound service requests, you can also specify the principal name and password in the port configuration.
*For outbound services requests, you can specify the principal name and password in the pub.client:http service in the clientPrincipal and clientPassword fields in the auth\kerberos document.
*For inbound and outbound web service requests, you can also specify the principal name and password in the web service endpoint alias.
*For outbound web service requests, you can also specify the principal name and password at run time in the web service connector using the clientPrincipal and clientPassword in the auth\message\kerberosSettings document.
For service requests, Integration Server uses this order of precedence when determining which principal name and password to use:
1. The principal name in the is_jaas.cnf file and the corresponding password specified in the keytab file.
2. For inbound service requests, the principal name and password specified in the port configuration, if present.
For outbound service requests, the principal name and password specified in the pub.client:http service, if present.
For web service requests, Integration Server uses this order of precedence when determining which principal name and password to use:
1. The principal name in the is_jaas.cnf file and the corresponding password specified in the keytab file.
2. For outbound web service requests, the principal name and password specified at run time in the web service connector, if present.
3. For inbound and outbound web service requests, the principal name and password specified in the web service endpoint alias, if present.