Configure Kerberos authentication on the Web Author Application (Windows only)

If the CMS Application Server connects to a TEXTML Server that uses Kerberos authentication, you must configure Kerberos authentication on the Web Author Application.

This section describes the procedure for configuring Kerberos authentication on the Web Author Application.

Note: This procedure applies to Windows only.
  1. Create the krb5.ini Kerberos configuration file.
    This file specifies the Kerberos configuration used for authentication. Configure it as follows:
    • realm: Kerberos realm name. This is the Fully Qualified Domain Name (FQDN) of your Windows domain.
    • kdc: Kerberos Key Distribution Center (KDC) host name and port (Windows domain controller).
    For example:
    [domain_realm]
      .acme.local = ACME.LOCAL
      acme.local = ACME.LOCAL
      acme = ACME.LOCAL
    [libdefaults]
      dns_lookup_kdc = true
      dns_lookup_realm = true
    [logging]
    [realms]
    ACME.LOCAL = {
      kdc = dc1.acme.local
      kdc = dc2.acme.local
      admin_server = dc1.acme.local
    }   
  2. Save the file in the %TomcatDir%/conf/ directory.
    For example:
    C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\
  3. Create the login.conf login configuration file.
    This file specifies the Java login configuration for Active Directory. It must include the following code:
    TextmlClientLogin
    {
          com.sun.security.auth.module.Krb5LoginModule required useTicketCache=false;
    };
  4. Save the file in the %TomcatDir%/conf/ directory.
  5. To specify the location of these files to Tomcat, start the Tomcat Monitor:
    1. From the Start menu, select All Programs > Apache Tomcat 6.0 Tomcat6, right-click Monitor Tomcat, and select Run as administrator.
      The Apache Tomcat 6.0 Tomcat6 Properties dialog appears.
    2. Select the Java tab.
    3. In the Java Options area, add the following options:
      -Djava.security.krb5.conf=%TomcatDir%\conf\krb5.ini
      -Djava.security.auth.login.config=%TomcatDir%\conf\login.conf
      Where %TomcatDir% is the location of the Tomcat directory; for example:
      -Djava.security.krb5.conf=C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\krb5.ini
      -Djava.security.auth.login.config=C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\login.conf
      Note: Do not use the %TomcatDir% variable; you must specify the absolute path to the Kerberos files.