Verify HCL OneDB uses Kerberos authentication for SSO

Before you set up the SQLHOSTS information and concsm.cfg file for the client computer in a single sign-on implementation, verify that your login service is correctly configured to use Kerberos authentication.

Before you begin

The client user principal and service principals must exist in the Key Distribution Center (KDC) to authenticate by using the Kerberos tickets. Also, the KDC daemon must be running.

Procedure

  1. Log on by using Kerberos authentication, which typically generates the required user credentials (ticket-granting ticket) for SSO on all platforms. However, if you are working on UNIX™ or Linux™, you can also employ the kinit utility to obtain a ticket-granting ticket (TGT).
    For example, the following command can generate a TGT for the user named admin in the realm payroll.jkenterprises.com:
    % /usr/local/bin/kinit admin@payroll.jkenterprises.com
  2. Use the klist utility to view the credentials cache, which holds the tickets obtained from the KDC, and verify the existence of a valid ticket for the user ID.
    A valid ticket looks similar to the following example:
    Ticket cache: FILE:/tmp/krb5cc_200
    Default principal: admin@payroll.jkenterprises.com
    
    Valid starting     Expires            Service principal
    01/30/08 09:45:28  01/31/08 09:45:26  krbtgt/payroll.jkenterprises.com@jkenterprises.com
  3. After HCL OneDB™ accepts a connection request, verify that a valid ticket-granting service (TGS) is present.
    The TGS is required for the server service principal.
    The following example shows the output of the klist utility, with ol_home2data/jkent-005.payroll.jkenterprises.com as the HCL OneDB service principal.
    Ticket cache: FILE:/tmp/krb5cc_200
    Default principal: admin@payroll.jkenterprises.com
    
    Valid starting     Expires            Service principal
    01/30/08 09:45:28  01/31/08 09:45:26  krbtgt/payroll.jkenterprises.com@jkenterprises.com
    01/30/08 09:48:31  01/31/08 09:45:26  ol_home2data/jkent-005.payroll.jkenterprises.com@jkenterprises.com
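
The checks in steps 2 and 3 can be scripted. The following is an added example, not HCL code: it reads klist output and confirms that an unexpired ticket exists for a given service principal prefix, handling rows where the principal wraps onto the next line. The names has_valid_ticket and sample_klist are hypothetical, the sample output is constructed from the values in this procedure, and the MM/DD/YY date layout shown above is assumed.

```shell
#!/bin/sh
# Added example (not HCL code): check klist output for unexpired tickets.

# has_valid_ticket PREFIX NOW   (klist text on stdin; hypothetical helper)
#   PREFIX  start of the service principal, e.g. "krbtgt/" or "ol_home2data/"
#   NOW     current local time as YYMMDDhhmmss (date +%y%m%d%H%M%S)
# Exit status 0 only if a matching ticket expires later than NOW.
has_valid_ticket() {
    awk -v prefix="$1" -v now="$2" '
        # Turn MM/DD/YY (or MM/DD/YYYY) and hh:mm:ss into YYMMDDhhmmss.
        function sortkey(d, t,   a, b) {
            split(d, a, "/"); split(t, b, ":")
            return substr(a[3], length(a[3]) - 1) a[1] a[2] b[1] b[2] b[3]
        }
        function check(p) {
            if (index(p, prefix) == 1 && (expires "") > (now "")) ok = 1
        }
        # Ticket row: start date, start time, expiry date, expiry time.
        $1 ~ /^[0-9]+\/[0-9]+\/[0-9]+$/ && NF >= 4 {
            expires = sortkey($3, $4)
            # Principal is column 5, or alone on the next line if wrapped.
            if (NF >= 5) check($5)
            pending = (NF < 5)
            next
        }
        pending && NF == 1 { check($1) }
        { pending = 0 }
        END { exit(ok ? 0 : 1) }
    '
}

# Constructed sample, using the principals shown in the procedure.
sample_klist() {
    cat <<'EOF'
Ticket cache: FILE:/tmp/krb5cc_200
Default principal: admin@payroll.jkenterprises.com

Valid starting     Expires            Service principal
01/30/08 09:45:28  01/31/08 09:45:26  krbtgt/payroll.jkenterprises.com@jkenterprises.com
01/30/08 09:48:31  01/31/08 09:45:26
ol_home2data/jkent-005.payroll.jkenterprises.com@jkenterprises.com
EOF
}

NOW=080130120000   # constructed clock value inside the sample ticket lifetime
for p in krbtgt/ ol_home2data/; do
    sample_klist | has_valid_ticket "$p" "$NOW" && echo "$p valid" || echo "$p missing or expired"
done
```

On a client, pipe the real klist output into has_valid_ticket and pass the current time from date +%y%m%d%H%M%S, substituting the prefix of your own server service principal.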