Overview of AD Kerberos configuration tasks
This topic provides an overview of the tasks you must perform to set up a BMC Server Automation environment that supports user authentication using AD/Kerberos user credentials:
- On the Active Directory KDC:
  - Create a user account for the BMC Server Automation Authentication Service.
  - Export the blauthsvc.keytab file. Give this file and the SPN to the administrator of the Application Server hosting the BMC Server Automation Authentication Service.

  These tasks are described in Registering an Authentication Service in an Active Directory Domain.
- On the BMC Server Automation Application Server:
  - Put the blauthsvc.keytab file in the correct directory.
  - Locate the Active Directory KDC for the service principal's realm.
  - Create the blappserv_krb5.conf file.
  - Create the blappserv_login.conf file.
  - Define Authentication Service settings to support AD/Kerberos.
  - Add users to the BMC Server Automation RBAC user database, making sure each user name includes the user's Active Directory domain (user@DOMAIN.COM).
  - If you are using Network Shell to communicate directly with agents, set up a Network Shell proxy server.

  These tasks are described in detail in Configuring an Authentication Service for AD Kerberos authentication.
- On the BMC Server Automation client:
  - (Windows) Update the Kerberos registry settings.
  - Create the blclient_login.conf file.
  - Locate the Active Directory KDC for the client's realm.
  - Create a blclient_krb5.conf file.
  - Update the config.properties file.
  - (UNIX) Obtain a ticket granting ticket (TGT) for the client.
  - Create an authentication profile using AD/Kerberos authentication.

  These tasks are described in Configuring a BMC Server Automation client for AD Kerberos authentication.