Before you set up the SQLHOSTS information and concsm.cfg file
for the client computer in a single sign-on implementation, verify
that your login service is correctly configured to use Kerberos authentication.
The client user principal and service principals must exist
in the Key Distribution Center (KDC) to authenticate by using the
Kerberos tickets. Also, the KDC daemon must be running.
- Log on by using Kerberos authentication, which typically
generates the required user credentials (ticket-granting ticket) for
SSO on all platforms. However, if you are working on UNIX or Linux,
you can also employ the kinit utility to obtain
a ticket-granting ticket (TGT). For example, the following
command can generate a TGT for the user named admin in the realm payroll.jkenterprises.com:
% /usr/local/bin/kinit admin@payroll.jkenterprises.com
- Use the klist utility to view the credentials
cache from the KDC and verify the existence of a valid ticket for
the user ID. A valid ticket looks similar to the following
example:
Ticket cache: FILE:/tmp/krb5cc_200
Default principal: admin@payroll.jkenterprises.com
Valid starting Expires
01/30/08 09:45:28 01/31/08 09:45:26
Service principal
krbtgt/payroll.jkenterprises.com@jkenterprises.com
- After Informix® accepts
a connection request, verify that a valid ticket-granting service
(TGS) is present. The TGS is required for the server service
principal. The following example shows the output of
the klist utility, with ol_home2data/jkent-005.payroll.jkenterprises.com as
the Informix service
principal.
Ticket cache: FILE:/tmp/krb5cc_200
Default principal: admin@payroll.jkenterprises.com
Valid starting Expires
01/30/08 09:45:28 01/31/08 09:45:26
Service principal
krbtgt/payroll.jkenterprises.com@jkenterprises.com
01/30/08 09:48:31 01/31/08 09:45:26
ol_home2data/jkent-005.payroll.jkenterprises.com@jkenterprises.com