My webMethods Server 10.3 | My webMethods Server Webhelp | Administering My webMethods Server | System Administrator Functions | Managing Security | Configuring Kerberos Authentication | Configuring Windows Server and Active Directory for Kerberos Authentication
 
Configuring Windows Server and Active Directory for Kerberos Authentication
Perform the following steps to configure Active Directory as the key distribution center (KDC) for Kerberos authentication. Unless indicated otherwise, perform the steps on the Windows Server machine that hosts Active Directory.
*To configure Active Directory as the key distribution center for Kerberos authentication
1. Configure a user account for the Kerberos principal in Active Directory. Do not select any encryption. The default encryption is RC4.
2. Create a Service Principal Name (SPN) and a keytab file using the ktpass command line utility and the following command:
ktpass -out <Keytab_File_Name>.keytab -princ
HTTP/<FQDN_of_Active_Directory_Server>@<Domain_Name> -mapUser
 <FQDN_of_Active_Directory_Server>@<FQDN_of_MWS_Server_Machine> -mapop
set<MWS_Server_User_Password> -crypto all -ptype KRB5_NT_PRINCIPAL -kvno 0
Example:
ktpass -out MWS_Kerberos_User.keytab -princ HTTP/VMHOSTNAME.SPARTA.RNDLAB.
LOC@SPARTA.RNDLAB.LOC
-mapUser Bob@SPARTA.RNDLAB.LOC
-mapOp set -pass pass12345 -crypto all
-pType KRB5_NT_PRINCIPAL -kvno 0
Where MWS_Kerberos_User is the name of the keytab file, Bob is the user, and SPARTA.RNDLAB.LOC is the fully qualified domain name of the AD server.
3. Copy the keytab file to any directory of the machine that hosts My webMethods Server.
4. Verify that the keytab file is created correctly by executing the following java command from <JAVA_INSTALL> /jre/bin:
kinit -J-Dsun.security.krb5.debug=true -k
  -t <Keytab_file_absolute_path> HTTP/<FQDN_of_Active_Directory_Server>