Verify Informix® uses Kerberos authentication for SSO
Before you set up the SQLHOSTS information and concsm.cfg file for the client computer in a single sign-on implementation, verify that your login service is correctly configured to use Kerberos authentication.
Procedure
- Log on by using Kerberos authentication, which typically generates the required user credentials (ticket-granting ticket) for SSO on all platforms. However, if you are working on UNIX™ or Linux™, you can also employ the kinit utility to obtain a ticket-granting ticket (TGT). For example, the following command can generate a TGT for the user named admin in the realm payroll.jkenterprises.com:
  % /usr/local/bin/kinit admin@payroll.jkenterprises.com
- Use the klist utility to view the credentials cache from the KDC and verify the existence of a valid ticket for the user ID. A valid ticket looks similar to the following example:
  Ticket cache: FILE:/tmp/krb5cc_200
  Default principal: admin@payroll.jkenterprises.com

  Valid starting     Expires            Service principal
  01/30/08 09:45:28  01/31/08 09:45:26  krbtgt/payroll.jkenterprises.com@jkenterprises.com
- After Informix® accepts a connection request, verify that a valid ticket-granting service (TGS) is present. The TGS is required for the server service principal. The following example shows the output of the klist utility, with ol_home2data/jkent-005.payroll.jkenterprises.com as the Informix® service principal.
  Ticket cache: FILE:/tmp/krb5cc_200
  Default principal: admin@payroll.jkenterprises.com

  Valid starting     Expires            Service principal
  01/30/08 09:45:28  01/31/08 09:45:26  krbtgt/payroll.jkenterprises.com@jkenterprises.com
  01/30/08 09:48:31  01/31/08 09:45:26  ol_home2data/jkent-005.payroll.jkenterprises.com@jkenterprises.com
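The two klist checks in the procedure can be scripted. The following is an added example, not part of the Informix documentation: the function name has_valid_ticket and the embedded sample are constructed here, and the parser assumes klist prints dates as MM/DD/YY HH:MM:SS as in the output above, with all years in the same century.

```shell
#!/bin/sh
# Added example: check klist-style output for an unexpired TGT and service ticket.

# Constructed sample, modelled on the klist output shown in the procedure.
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_200
Default principal: admin@payroll.jkenterprises.com

Valid starting     Expires            Service principal
01/30/08 09:45:28  01/31/08 09:45:26  krbtgt/payroll.jkenterprises.com@jkenterprises.com
01/30/08 09:48:31  01/31/08 09:45:26  ol_home2data/jkent-005.payroll.jkenterprises.com@jkenterprises.com'

# has_valid_ticket PREFIX NOW   (hypothetical helper)
#   PREFIX: leading part of the service principal, e.g. "krbtgt/" or "ol_home2data/"
#   NOW:    reference time as "MM/DD/YY HH:MM:SS" (assumed klist date format)
# Reads klist output on stdin; returns 0 only if a matching ticket has
# "Valid starting" <= NOW < "Expires", otherwise returns 1.
# Live use: klist | has_valid_ticket krbtgt/ "$(date '+%m/%d/%y %H:%M:%S')"
has_valid_ticket() {
    awk -v prefix="$1" -v now="$2" '
        # Build a sortable YYMMDDHHMMSS string from a date and a time field.
        function key(d, t,    a) {
            split(d, a, "/"); gsub(":", "", t)
            return a[3] a[1] a[2] t
        }
        BEGIN { split(now, n, " "); nowkey = key(n[1], n[2]) }
        # Ticket rows start with a date; field 5 is the service principal.
        $1 ~ /^[0-9][0-9]\/[0-9][0-9]\/[0-9][0-9]$/ && index($5, prefix) == 1 {
            if (key($1, $2) <= nowkey && nowkey < key($3, $4)) found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}
```

A missing service ticket after a successful connection attempt, while the krbtgt/ entry is still valid, points at the service principal rather than at the user login.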