Configuring a BMC Server Automation client for AD Kerberos authentication

This topic describes how to configure a BMC Server Automation client (the BMC Server Automation Console or the blcred utility) to authenticate with a BMC Server Automation Authentication Service using AD/Kerberos user credentials.

In addition to the procedures described here, a user must also define an authentication profile that calls for AD/Kerberos authentication. For more information about defining authentication profiles, see Setting up an authentication profile.

To configure a BMC Server Automation client for AD Kerberos authentication

The following is a master procedure. Each of the steps in this procedure references a topic that describes another procedure.

Note

When you specify a domain name in any of the following steps, you must use uppercase letters. You might want to review the diagram in Sample domain structure for an overview of the domain names and host names used in the examples in this topic.

  1. If you have not done so already, perform the following prerequisite procedures:
  2. For Windows clients, update registry settings and perform other configuration tasks. See Performing Windows client configuration tasks. For UNIX environments, skip this step.
  3. Create the blclient_login.conf file, which provides essential configuration data.
  4. Locate the Active Directory KDC for the client's domain. This step provides information that is needed for subsequent steps in this procedure.
  5. Create the blclient_krb5.conf file, which provides essential Kerberos configuration information.
  6. Update the BMC Server Automation config.properties file.
  7. For UNIX clients, each user must manually perform a kinit to obtain a ticket-granting ticket (TGT). See Obtaining a TGT for a BMC Server Automation client (UNIX only). When a Windows user logs into the Active Directory, the equivalent of a "kinit" is performed automatically.
  8. Set up authentication profiles using AD/Kerberos authentication on the BMC Server Automation client. See Authentication profiles and Managing authorizations.
Was this page helpful? Yes No Submitting... Thank you

Comments