Configure Kerberos authentication on the WCR (Windows only)

If the Web Collaborative Reviewer (WCR) connects to a TEXTML Server that uses Kerberos authentication, you must configure Kerberos authentication for the WCR.

This section describes the procedure for configuring Kerberos authentication for the WCR.

Note: This procedure applies to Windows only.
  1. Create the krb5.ini Kerberos configuration file.
    This file specifies the Kerberos configuration used for authentication. Configure it as follows:
    • realm: Kerberos realm name. This is the Fully Qualified Domain Name (FQDN) of your Active Directory Windows domain. The domain name is case-sensitive so take note of what is in uppercase or lowercase in the example of the krb5.ini Kerberos configuration file. Replace the lowercase acme.local with your domain name in lowercase and the uppercase ACME.LOCAL with your domain name in uppercase.
    • kdc: Kerberos Key Distribution Center (KDC) host name and port (Windows domain controller).
    For example:
    [domain_realm]
       .acme.local = ACME.LOCAL
       acme.local = ACME.LOCAL
       acme = ACME.LOCAL
       ACME = ACME.LOCAL
    [libdefaults]
       default_realm = ACME.LOCAL
       dns_lookup_kdc = true
       dns_lookup_realm = true
    [logging]
    [realms]
       ACME.LOCAL = {
       kdc = dc1.acme.local
       kdc = dc2.acme.local
       admin_server = dc1.acme.local
       default_domain = ACME.LOCAL       
    }      
  2. Save the file in the %TomcatDir%/conf/ directory.
    For example:
    C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\
  3. Create the login.conf login configuration file.
    This file specifies the Java login configuration for Active Directory. It must include the following code:
    TextmlClientLogin
    {
          com.sun.security.auth.module.Krb5LoginModule required useTicketCache=false;
    };
  4. Save the file in the %TomcatDir%/conf/ directory.
  5. To specify the location of these files to Tomcat, start the Tomcat Monitor:
    1. From the Start menu, select All Programs > Apache Tomcat 6.0 Tomcat6, right-click Monitor Tomcat, and select Run as administrator.
      The Apache Tomcat 6.0 Tomcat6 Properties dialog appears.
    2. Select the Java tab.
    3. In the Java Options area, add the following options:
      -Djava.security.krb5.conf=%TomcatDir%\conf\krb5.ini
      -Djava.security.auth.login.config=%TomcatDir%\conf\login.conf
      Where %TomcatDir% is the location of the Tomcat directory; for example:
      -Djava.security.krb5.conf=C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\krb5.ini
      -Djava.security.auth.login.config=C:\Program Files\Apache Software Foundation\Tomcat 6.0\conf\login.conf
      Important: Do not use the %TomcatDir% variable; you must specify the absolute path to the Kerberos files.