To configure the server for Kerberos authentication, modify the csi.xml and csi_kerberos.xml files.
Kerberos ticket-based authentication is supported in the Event Stream Processor.
The security configuration information is maintained in an XML-based configuration file
that is accessible by all cluster managers.
- Use a text editor to open the $ESP_HOME/cluster/<node-name>/<node-name>.xml file. The file should contain the following lines:
<Property name="java.security.krb5.realm">REALM_PLACEHOLDER</Property>
<Property name="java.security.krb5.kdc">KDC_PLACEHOLDER</Property>
- Add the following to the $ESP_HOME/cluster/<node-name>/<node-name>.xml file:
<Csi>
<File>csi_kerberos.xml</File>
</Csi>
- Add the following to the $ESP_HOME/security/csi_kerberos.xml
file. Set the principal option to an ESP service name, and set the keyTab
option to the full path of a keytab file. This example csi_kerberos.xml entry
sets the principal option to the ESP service name esp/myhost and defines a
keytab path:
<config:configuration xmlns:config="http://www.sybase.com/csi/2.5/config">
<config:authenticationProvider name="com.sybase.esp.cluster.security.KerberosLoginModule"/>
<config:options name="principal" value="esp/myhost" />
<config:options name="keyTab" value="C:/Documents and Settings/user/krb.keytab" />
<config:provider name="com.sybase.security.core.NoSecAuthorizer" type="authorizer"/>
<config:provider name="com.sybase.security.core.NoSecAttributer" type="attributer"/>
</config:configuration>
- Restart the server. All of the cluster managers must be restarted.
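A check to run over the edited files before the restart, given here as an added example (not code from this page or from the product). The <Node> root element, the sample realm and KDC values, and the keytab path are constructed assumptions; the strict <File> comparison and the POSIX permission check on the keytab, which holds the service's long-term key, are choices made for this example.

```python
import os, stat, xml.etree.ElementTree as ET

PLACEHOLDERS = {"REALM_PLACEHOLDER", "KDC_PLACEHOLDER"}  # template values from the page
LOGIN_MODULE = "com.sybase.esp.cluster.security.KerberosLoginModule"

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any '{namespace}' prefix

def _named(root, element):  # name attribute -> element, for every <element name=...>
    return {e.get("name"): e for e in root.iter() if _local(e.tag) == element}

def check_kerberos_config(node_xml, csi_xml):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    node, csi = ET.fromstring(node_xml), ET.fromstring(csi_xml)
    props = _named(node, "Property")
    for key in ("java.security.krb5.realm", "java.security.krb5.kdc"):
        value = (props[key].text or "").strip() if key in props else ""
        if not value or value in PLACEHOLDERS:
            findings.append(f"{key} is missing or still a placeholder")
    files = [f.text or "" for c in node.iter() if _local(c.tag) == "Csi"
             for f in c if _local(f.tag) == "File"]
    if "csi_kerberos.xml" not in files:  # strict match, whitespace is not trimmed
        findings.append(f"<Csi><File> does not name csi_kerberos.xml: {files!r}")
    if LOGIN_MODULE not in _named(csi, "authenticationProvider"):
        findings.append("KerberosLoginModule is not an authenticationProvider")
    opts = {k: e.get("value", "") for k, e in _named(csi, "options").items()}
    if not opts.get("principal"):
        findings.append("principal option is not set")
    keytab = opts.get("keyTab", "")
    if not os.path.isabs(keytab):  # evaluated with the path rules of the host it runs on
        findings.append("keyTab is not a full path")
    elif not os.path.isfile(keytab):
        findings.append(f"keytab file not found: {keytab}")
    elif os.name == "posix" and stat.S_IMODE(os.stat(keytab).st_mode) & 0o077:
        findings.append(f"keytab is readable by group or others: {keytab}")
    return findings

# Constructed sample input: the <Node> root and the keytab path are assumptions.
SAMPLE_NODE = """<Node>
<Property name="java.security.krb5.realm">REALM_PLACEHOLDER</Property>
<Property name="java.security.krb5.kdc">kdc.example.test</Property>
<Csi><File> csi_kerberos.xml</File></Csi></Node>"""
SAMPLE_CSI = """<config:configuration xmlns:config="http://www.sybase.com/csi/2.5/config">
<config:authenticationProvider name="com.sybase.esp.cluster.security.KerberosLoginModule"/>
<config:options name="principal" value="esp/myhost" />
<config:options name="keyTab" value="/nonexistent/krb.keytab" />
</config:configuration>"""
if __name__ == "__main__":
    print("\n".join(check_kerberos_config(SAMPLE_NODE, SAMPLE_CSI)))
```

Run it on the server host against the real files' contents; on the constructed sample it reports the leftover realm placeholder, the padded <File> value, and the missing keytab.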