Order of Precedence for Principal Name and Password
The Kerberos login module uses the principal name and password to authenticate the principal to the key distribution center (KDC). However, you can specify principal name and password in other locations.
You can specify the principal name in the is_jaas.cnf file, which is the JAAS login configuration file, and the principal password in the keytab file. You must set
principal=client_principal_name and
useKeyTab=true in the is_jaas.cnf file to use the specific principal name and the corresponding password specified in the keytab file.
Note: | If you use this mode to specify the principal, the use of the Kerberos login module is restricted to that principal. |
For inbound service requests, you can also specify the principal name and password in the port configuration.
For outbound services requests, you can specify the principal name and password in the
pub.client:http service in the
clientPrincipal and
clientPassword fields in the
auth\kerberos document.
For inbound and outbound web service requests, you can also specify the principal name and password in the web service endpoint alias.
For outbound web service requests, you can also specify the principal name and password at run time in the web service connector using the
clientPrincipal and
clientPassword in the
auth\message\kerberosSettings document.
For service requests, Integration Server uses this order of precedence when determining which principal name and password to use:
1. The principal name in the is_jaas.cnf file and the corresponding password specified in the keytab file.
2. For inbound service requests, the principal name and password specified in the port configuration, if present.
For outbound service requests, the principal name and password specified in the pub.client:http service, if present.
For web service requests, Integration Server uses this order of precedence when determining which principal name and password to use:
1. The principal name in the is_jaas.cnf file and the corresponding password specified in the keytab file.
2. For outbound web service requests, the principal name and password specified at run time in the web service connector, if present.
3. For inbound and outbound web service requests, the principal name and password specified in the web service endpoint alias, if present.