To set up the SPN and generate the keytab file, perform the following steps:
- Log in to the Active Directory server that uses the Kerberos Key Distribution Center (KDC).
- Find the user account and check the Password never expires and This account supports checkboxes.
- Open Windows Command Prompt and run the following command to generate a keytab for the user account.
ktpass -princ HTTP/[FQDN_LOWERCASE]@[DOMAIN_UPPERCASE] -mapuser [USERNAME]@[DOMAIN_NAME] -pass [PASSWORD] -ptype KRB5_NT_PRINCIPAL -kvno 0 -crypto AES256-SHA1 -out [OUTPUT-FILENAME].keytab
Note: Execute this command on the Active Directory server.
FQDN is the RiskVision Web Server hostname.
- After the keytab file is generated, open Windows Command Prompt and run the following command to verify that the SPN is registered for the hostname that users will use to log in to RiskVision.
setspn -l <username>
- Copy the keytab file to a directory on the RiskVision Application Server to enable Kerberos authentication.
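
A check that can be run on the copied keytab before Kerberos authentication is enabled, as an added example that is not part of the original RiskVision documentation: it reads the principal, name type, key version and encryption type from the file and compares them with the ktpass options used above. It assumes the standard version 0x0502 keytab layout; the function names, the host riskvision.example.com and the realm EXAMPLE.COM are hypothetical, and the sample keytab is constructed with a dummy key.

```python
import io
import struct

AES256_SHA1 = 18       # enctype aes256-cts-hmac-sha1-96 (-crypto AES256-SHA1)
KRB5_NT_PRINCIPAL = 1  # name type for -ptype KRB5_NT_PRINCIPAL

def _counted(buf):
    """Read a 16-bit big-endian length, then that many bytes."""
    (n,) = struct.unpack(">H", buf.read(2))
    return buf.read(n)

def parse_keytab(data):
    """Return principal, name type, kvno and enctype per entry; key bytes are dropped."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:              # a negative size marks a deleted slot to skip
            pos += -size
            continue
        buf = io.BytesIO(data[pos:pos + size])
        pos += size
        (count,) = struct.unpack(">H", buf.read(2))
        realm = _counted(buf).decode()
        name = "/".join(_counted(buf).decode() for _ in range(count))
        name_type, _ts, kvno, enctype = struct.unpack(">IIBH", buf.read(11))
        _counted(buf)              # skip the key itself
        tail = buf.read(4)         # optional 32-bit kvno; overrides when non-zero
        if len(tail) == 4 and any(tail):
            kvno = struct.unpack(">I", tail)[0]
        entries.append({"principal": f"{name}@{realm}", "name_type": name_type,
                        "kvno": kvno, "enctype": enctype})
    return entries

def check_entry(entry, fqdn, realm):
    """Name the fields that differ from the ktpass options in the procedure."""
    want = {"principal": f"HTTP/{fqdn.lower()}@{realm.upper()}",
            "name_type": KRB5_NT_PRINCIPAL, "kvno": 0, "enctype": AES256_SHA1}
    return [k for k, v in want.items() if entry[k] != v]

def build_sample(fqdn, realm, enctype=AES256_SHA1, kvno=0):
    """Constructed keytab with an all-zero dummy key, for testing only."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + cs(realm.encode()) + cs(b"HTTP") + cs(fqdn.encode())
            + struct.pack(">IIBH", KRB5_NT_PRINCIPAL, 0, kvno, enctype)
            + cs(bytes(32)) + struct.pack(">I", kvno))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

For a real file, pass its bytes (read in binary mode) to parse_keytab and run check_entry on each entry; an empty list means the entry matches the options used in the ktpass command.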