This chapter describes how to authenticate EDQ using Kerberos.
EDQ supports integration with multiple authentication realms, which can use different LDAP servers. For example, a single EDQ server may support external authentication from both a Microsoft Active Directory realm and an Oracle Internet Directory realm, if required.
These global settings can be specified in the security/login.properties configuration file. Properties are configured using the syntax property_name = value, for example:
realms = realm1, realm2
Where noted, you can override the global settings at the realm level. Realm-level settings are more specific and always override global settings (see Section 2.6, "Configuring Individual Realm LDAP Settings").
Property | Description | Example Value | Mandatory? |
---|---|---|---|
 | The path to a Kerberos keytab file. If using SSO a single keytab must be defined at the global level. A single keytab can contain entries for several realms. | If no path is specified, a default is chosen based on the operating. | No. Only necessary to enable SSO (where users do not need to log in to EDQ user applications) in environments where the EDQ server is not itself on the AD domain. |
 | Specifies the Kerberos Service Principal Name, used for SSO. May be overridden at realm level. | | No. If not set, the default value is HOST/hostname. |
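
A check for the keytab described in the table, as an added example that is not part of the Oracle documentation: it parses the output of MIT Kerberos `klist -k` and reports which Kerberos realms have no key for the service principal and which still hold older key versions. The sample output, host name, realm names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by MIT Kerberos `klist -k`
# (no -t or -e options); not taken from a real host.
SAMPLE_KLIST = """\
Keytab name: FILE:/path/to/example.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   3 HOST/edq01.example.com@CORP.EXAMPLE.COM
   3 HOST/edq01.example.com@CORP.EXAMPLE.COM
   2 HOST/edq01.example.com@CORP.EXAMPLE.COM
   5 HTTP/edq01.example.com@PARTNER.EXAMPLE.NET
"""

# One keytab entry: key version number, then service/host@REALM.
ENTRY = re.compile(r"^\s*(\d+)\s+(\S+)@(\S+)\s*$")


def parse_klist(text):
    """Return {(spn, realm): set of KVNOs} from `klist -k` output."""
    entries = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:  # header and separator lines do not match
            kvno, spn, realm = m.groups()
            entries[(spn, realm)].add(int(kvno))
    return dict(entries)


def default_spn(hostname):
    """SPN used when none is configured, per the table: HOST/hostname."""
    return f"HOST/{hostname}"


def check_keytab(text, spn, kerberos_realms):
    """Report realms with no key for `spn` and realms with older key versions."""
    entries = parse_klist(text)
    # Principal and realm are compared exactly as written in the keytab.
    missing = [r for r in kerberos_realms if (spn, r) not in entries]
    older = {r: sorted(entries[(spn, r)])[:-1]
             for r in kerberos_realms
             if len(entries.get((spn, r), ())) > 1}
    return {"missing": missing, "older_kvnos": older}


if __name__ == "__main__":
    spn = default_spn("edq01.example.com")
    print(check_keytab(SAMPLE_KLIST, spn, ["CORP.EXAMPLE.COM", "PARTNER.EXAMPLE.NET"]))
```

To use it on a real server, pass the output of `klist -k` for the configured keytab path in place of the sample.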