Product: TIBCO Spotfire®
Setting up Kerberos authentication in a clustered TIBCO Spotfire Server environment with no Load Balancer
When setting up Kerberos authentication in a clustered TIBCO Spotfire Server (TSS) environment with no load balancer (meaning users access the specific TSS URLs instead of a single load balancer URL), the points in the resolution section must be followed. All other steps remain the same as for a Kerberos setup in a clustered environment with a load balancer; only the creation of the keytab file differs. The details are provided in the resolution section.

When setting up Kerberos authentication on TIBCO Spotfire Servers in a clustered environment without a load balancer, the following points must be considered:
- Two Service Principal Names must be created for each TSS.
- One keytab file must be created. It must use the name of the service account running the TSS as the principal name. Below is an example of the "ktpass" command syntax for this case:
  ktpass /princ <Spotfire service account name>@REALM /ptype krb5_nt_principal /crypto <rc4-hmac or AES-256-sha1 or AES-128-sha1> /kvno 0 /out spotfire.keytab /pass <service account password>
- This keytab file must be copied to each TIBCO Spotfire Server.
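
The three points above scripted in PowerShell, as an added example that is not TIBCO's own code. The account, realm and host names are constructed, and the SPN form (HTTP/ plus each server's FQDN and short host name) is an assumption the page does not state.

```powershell
# Added example. All values below are constructed placeholders.
$ServiceAccount = 'EXAMPLE\svc-spotfire'                  # account that runs every TSS node
$Realm          = 'EXAMPLE.COM'                           # Kerberos realm, upper case
$Nodes          = 'tss1.example.com', 'tss2.example.com'  # host names in the TSS URLs users open

# Assumption: the two SPNs per server are HTTP/<FQDN> and HTTP/<short host name>.
$expected = foreach ($fqdn in $Nodes) {
    "HTTP/$fqdn"
    "HTTP/$($fqdn.Split('.')[0])"
}

foreach ($spn in $expected) {
    # -S searches for an existing registration first, so a duplicate SPN is refused.
    setspn -S $spn $ServiceAccount
}

# Verify that every SPN is on the one service account before building the keytab.
# Exact comparison: a substring match would let HTTP/tss1.example.com satisfy HTTP/tss1.
$registered = setspn -L $ServiceAccount | ForEach-Object { $_.Trim() }
$missing    = $expected | Where-Object { $registered -notcontains $_ }
if ($missing) { throw "SPNs not registered on ${ServiceAccount}: $($missing -join ', ')" }

# One keytab for the whole cluster, with the service account as the principal.
# AES256-SHA1 is ktpass's own name for the AES-256 option; "/pass *" prompts for
# the password so it does not end up in command history or transcripts.
$principal = '{0}@{1}' -f $ServiceAccount.Split('\')[1], $Realm
ktpass /princ $principal /ptype krb5_nt_principal /crypto AES256-SHA1 /kvno 0 /out spotfire.keytab /pass *
if (-not (Test-Path spotfire.keytab)) { throw 'ktpass did not produce spotfire.keytab' }

# The keytab holds the account's long-term key. Record its hash, compare it on each
# server after copying, and remove this working copy afterwards.
(Get-FileHash spotfire.keytab -Algorithm SHA256).Hash
```

Because every node shares the same keytab and service account, a password change on that account invalidates the file on all servers at once, so the keytab must be regenerated and redistributed together.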
The steps and commands are otherwise the same as when setting up Kerberos on a single TIBCO Spotfire Server; the only things that vary are the points mentioned above.
Doc: Kerberos authentication for clustered servers with load balancer