Configure Kerberos authentication on the Scheduler (Windows only)

If the Scheduler connects to a TEXTML Server that uses Kerberos authentication, you must configure Kerberos authentication for the Scheduler.

To configure the Scheduler for Kerberos authentication:
Note: This procedure is required only if Kerberos authentication is enabled in the TEXTML Server.
  1. Create the krb5.ini Kerberos configuration file.
    This file specifies the Kerberos configuration used for authentication. Configure it as follows:
    • realm: Kerberos realm name. This is the Fully Qualified Domain Name (FQDN) of your Active Directory Windows domain. The domain name is case-sensitive so take note of what is in uppercase or lowercase in the example of the krb5.ini Kerberos configuration file. Replace the lowercase acme.local with your domain name in lowercase and the uppercase ACME.LOCAL with your domain name in uppercase.
    • kdc: Kerberos Key Distribution Center (KDC) host name and port (Windows domain controller).
    For example:
    [domain_realm]
       .acme.local = ACME.LOCAL
       acme.local = ACME.LOCAL
       acme = ACME.LOCAL
       ACME = ACME.LOCAL
    [libdefaults]
       default_realm = ACME.LOCAL
       dns_lookup_kdc = true
       dns_lookup_realm = true
    [logging]
    [realms]
       ACME.LOCAL = {
       kdc = dc1.acme.local
       kdc = dc2.acme.local
       admin_server = dc1.acme.local
       default_domain = ACME.LOCAL       
    }      
  2. Save the file in the %SchedulerDir%/conf directory.
  3. Create the login.conf login configuration file.
    This file specifies the Java login configuration for Active Directory. It must include the following code:
    TextmlClientLogin
    {
          com.sun.security.auth.module.Krb5LoginModule required useTicketCache=false;
    };
  4. Save the file in the %SchedulerDir%/conf directory.