WebSphere Application Server & Liberty

  • 1.  Implement Kerberos in Websphere 8.5

    Posted Thu September 18, 2014 05:39 PM
    Hi All,

    We want to implement Kerberos in WebSphere Application Server.
    I have a question regarding creating the keytab file on the LDAP server.

    My WebSphere Application Server is installed on Linux, and the host name is WASServer1.abc.xyz.com (this is an example). In this example, abc.xyz.com is the domain name.

    Our LDAP server domain name is def.uvw.com. In this case, def.uvw.com is another domain name.

    Could you please tell me the keytab file command based on the above example?

    I am awaiting your response. Thanks in advance.

    Regards,
    RSY Narayan 


  • 2.  Implement Kerberos in Websphere 8.5

    Posted Fri September 19, 2014 10:48 AM
     URL ==> WASServer1.abc.xyz.com

     Windows domain ==> casedef.uvw.com

     DNS domain ==> abc.xyz.com

     For creating the keytab, an example command is as follows.

     On the KDC server, as an admin user, you need to create a user, for example spnegosso with password w38sphere.

     An example ktpass command is as follows:

     ktpass -princ HTTP/WASServer1.abc.xyz.com@CASEDEF.UVW.COM -ptype KRB5_NT_PRINCIPAL -mapuser spnegosso -mapOp set -pass w38sphere -out C:\krb5\websphere.keytab

     Move that websphere.keytab to the WAS machine and generate krb5.ini using a wsadmin command, for example:

     $AdminTask createKrbConfigFile {-krbPath C:\krb5\was8\krb5.ini -realm AUSTINLDAP -kdcHost kdcserverhost.casedef.uvw.com -dns abc.xyz.com -keytabPath C:\krb5\was8\websphere.keytab}


  • 3.  Implement Kerberos in Websphere 8.5

    Posted Tue September 23, 2014 03:53 AM
    Hi,

    Apologies for the delayed reply.

    I will check and update you.

    Regards,
    RSY Narayan


  • 4.  Implement Kerberos in Websphere 8.5

    Posted Tue September 23, 2014 10:32 AM
    Hi,

    Could you please confirm the steps below for creating the keytab and krb5 file?

    RSI.LOCALLDAP = our LDAP server domain

    I got the host name of the WebSphere Application Server on the Linux box from the /etc/hosts file: RSI-PUN-CHEMBINGRID. On the web application server RSI-PUN-CHEMBINGRID we have configured the Kerberos-related settings.

    Step 1: Use the setspn command to map the Kerberos service principal name

    C:\Program Files\Support Tools> setspn -A HTTP/RSI-PUN-CHEMBINGRID  RSI-PUN-CHEMBINGRID

    Step 2: Next, created the keytab file on the LDAP server

    ktpass.exe -out c:\temp\RSI-PUN-CHEMBINGRID.keytab -princ HTTP/RSI-PUN-CHEMBINGRID@RSI.LOCALLDAP -mapUser RSI-PUN-CHEMBINGRID -mapOp set -pass xxxxxxxxx -crypto DES-CBC-MD5 -pType KRB5_NT_PRINCIPAL +DesOnly

    Step 3: Next, created the krb5 file with the command below in WAS:

    $AdminTask createKrbConfigFile {-krbPath /opt/IBM/WebSphere/AppServer_1/profiles/Custom01/bin/krb5.conf -realm RSI.LOCALLDAP -kdcHost RSI-PUN-CHEMBINGRID -dns RSI.LOCALLDAP -keytabPath /opt/IBM/WebSphere/AppServer_1/profiles/Custom01/bin/RSI-PUN-CHEMBINGRID.keytab}

    Please confirm. Thanks in advance.

    Regards,
    RSY Narayan


  • 5.  Implement Kerberos in Websphere 8.5

    Posted Thu September 25, 2014 02:58 AM
    Hi,

    As per my last reply, could you please confirm my configuration?

    Regards,
    RSY
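
Added example (not part of any post in this thread, and not IBM or Microsoft code): a small pre-flight lint for the ktpass command lines in posts 2 and 4. It flags an SPN host that is not fully qualified, a lower-case realm, a DES-only key (DES is deprecated for Kerberos by RFC 6649), and a password typed on the command line (`-pass *` makes ktpass prompt instead). The finding names and the `POST_2`/`POST_4` samples are constructed here, with the passwords replaced by a placeholder, and the FQDN check assumes clients reach the server by its fully qualified name.

```python
import shlex

DES_TYPES = {"DES-CBC-CRC", "DES-CBC-MD5"}

def parse_ktpass(cmdline):
    """Map each ktpass option (lower-cased) to its value; bare switches map to True."""
    tokens = shlex.split(cmdline, posix=False)[1:]   # posix=False keeps C:\ backslashes
    opts, i = {}, 0
    while i < len(tokens):
        tok = tokens[i]
        has_value = i + 1 < len(tokens) and tokens[i + 1][0] not in "+-"
        if tok.startswith("-") and has_value:
            opts[tok[1:].lower()] = tokens[i + 1]
            i += 2
        else:                                        # bare switch such as +DesOnly
            opts[tok.lower()] = True
            i += 1
    return opts

def lint_ktpass(cmdline):
    """Return a list of finding codes for one ktpass command line."""
    opts, findings = parse_ktpass(cmdline), []
    princ = str(opts.get("princ", ""))
    spn, _, realm = princ.partition("@")
    service, _, host = spn.partition("/")
    if not (service and host and realm):
        findings.append("principal-not-service/host@REALM")
    else:
        if "." not in host:                          # short name only matches short-name URLs
            findings.append("spn-host-not-fqdn")
        if realm != realm.upper():                   # realm names are case-sensitive
            findings.append("realm-not-uppercase")
    if str(opts.get("crypto", "")).upper() in DES_TYPES or opts.get("+desonly"):
        findings.append("des-only-key")
    if opts.get("pass") not in (None, "*", True):    # literal password ends up in history
        findings.append("password-on-command-line")
    return findings

# Constructed from the two commands in the thread; passwords replaced by a placeholder.
POST_2 = (r"ktpass -princ HTTP/WASServer1.abc.xyz.com@CASEDEF.UVW.COM "
          r"-ptype KRB5_NT_PRINCIPAL -mapuser spnegosso -mapOp set "
          r"-pass PLACEHOLDER -out C:\krb5\websphere.keytab")
POST_4 = (r"ktpass.exe -out c:\temp\RSI-PUN-CHEMBINGRID.keytab "
          r"-princ HTTP/RSI-PUN-CHEMBINGRID@RSI.LOCALLDAP -mapUser RSI-PUN-CHEMBINGRID "
          r"-mapOp set -pass PLACEHOLDER -crypto DES-CBC-MD5 -pType KRB5_NT_PRINCIPAL +DesOnly")

if __name__ == "__main__":
    for name, cmd in (("post 2", POST_2), ("post 4", POST_4)):
        print(name, lint_ktpass(cmd) or "no findings")
```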