Configuring the Kerberos authenticatorAdded by Jason English on September 19, 2011 | Version 1 (Original)
|Configure Kerberos as the backend authenticator on IBM® Connections.
Configure Kerberos as the backend authenticator on IBM
Before you begin
Complete this task if you are using Tivoli
® Access Manager with SPNEGO or SiteMinder with SPNEGO. If you are using other Single Sign-On solutions, do not complete this task. Instead, configure the customAuthenticator as your backend authenticator. For more information, see the Configuring the default authenticator
About this task
Edit the LotusConnections-config.xml
file to configure the Kerberos authenticator in your deployment.
To configure Kerberos as the default authenticator, complete the following steps:
Parent topic: Enabling single sign-on for the Windows desktop
Previous topic: Configuring the default authenticator
Next topic: Configuring SPNEGO on IBM HTTP Server
Configuring the default authenticator
Starting the wsadmin client
Changing common configuration property values
Forcing users to log in before they can access an application
Enabling single sign-on for Tivoli Access Manager with SPNEGO
Enabling single sign-on for SiteMinder with SPNEGO
- Open a command prompt, start the wsadmin client, and enter the following command to check out the configuration file:
If you are prompted to specify which server to connect to, enter 1.
- app_server_rootis the WebSphere® Application Server installation directory
- <DMGR> is the name of the Deployment Manager profile, such as Dmgr01
- <working_directory> is the temporary working directory to which configuration files are copied and stored while you edit them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft Windows operating system.
- <cell_name> is the name of the WebSphere Application Server cell hosting IBM Connections. This argument is case sensitive.
If you do not know the cell name, enter the following command in the wsadmin client to determine it:
- AIX or Linux:
- Update the value of the custom authenticator attribute by entering the following command:
- Check the LotusConnections-config.xml file in by entering the following command:
For more information about the wsadmin client, see the Starting the wsadmin client topic.
For more information about editing configuration attributes, see the Changing common configuration property values topic.
- Update the reauthenticate property in the files-config.xml file. When this property is set to false, and when an IBM Connections application detects a session timeout, users must log in again through the SSO authentication mechanism. To update the reauthenticate property, complete the following steps:
- Use the following command to check out the file:
Note: If you are prompted to specify which server to connect to, enter 1.
- Update the reauthenticate property by running the following command:
- Check the files-config.xml file in by running the following command: