Registering an Authentication Service in an Active Directory domain
This topic provides instructions for administering security at installations where AD/Kerberos authentication is not already being used for BMC Server Automation. If you have already set up AD/Kerberos authentication, you can use your existing Kerberos configuration files and modify them as necessary based on the descriptions in this section.
This topic provides procedures that an administrator of an Active Directory Key Distribution Center (KDC) can use to register the Authentication Service associated with a BMC Server Automation Application Server in an Active Directory domain.
Refer to this topic only if you want to employ AD/Kerberos user credentials for Domain Authentication of end users.
The following procedure is a master procedure. Each of the steps in this procedure references a subsection that describes another procedure.
- Review the required utilities that must be installed on the Active Directory server. For more information, see Requirements for the Active Directory server.
- Create an Active Directory user account for the Authentication Service. For more information, see Creating a user account in the domain of the Authentication Server.
- Associate a service principal name (SPN) with the user account. For more information, see Creating a service principal name.
- Export the user account and SPN information into a keytab file. After you create the keytab file, you must give this file and the SPN to the administrator of the Authentication Server for reports. For more information, see Exporting and copying the keytab file.
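The following PowerShell sketch walks through the account, SPN, and keytab steps with the standard Windows tools (`New-ADUser`, `setspn`, `ktpass`). It is an added example, not taken from the BMC documentation: the realm, account name, SPN, output path, and encryption type are placeholder assumptions, so substitute the values that the referenced subsections specify.

```powershell
# Added example. All values below are placeholders (assumptions), not
# values from the BMC Server Automation documentation.
$Realm      = 'EXAMPLE.COM'                              # Kerberos realm (AD domain, upper case)
$Account    = 'svc-authsvc-placeholder'                  # account for the Authentication Service
$Spn        = 'SERVICE_PLACEHOLDER/appserver.example.com' # SPN as given in the SPN subsection
$KeytabPath = 'C:\Temp\authsvc.keytab'

Import-Module ActiveDirectory

# Step 1: create the user account that represents the Authentication Service.
# A later password change invalidates any keytab already exported, so the
# password is set not to expire here (assumption; follow your own policy).
$Password = Read-Host -AsSecureString -Prompt "Password for $Account"
New-ADUser -Name $Account -SamAccountName $Account `
    -UserPrincipalName "$Account@$($Realm.ToLower())" `
    -AccountPassword $Password -Enabled $true `
    -PasswordNeverExpires $true `
    -KerberosEncryptionType AES256

# Step 2: associate the SPN with the account.
# -S refuses to register an SPN that already exists elsewhere in the forest;
# duplicate SPNs cause Kerberos ticket requests for the service to fail.
setspn -S $Spn $Account
setspn -L $Account        # list the SPNs now registered on the account

# Step 3: export the account and SPN into a keytab file.
# "-pass *" prompts for the password instead of exposing it on the command
# line; ktpass sets the account password to the value entered.
ktpass -princ "$Spn@$Realm" -mapuser "$Account@$Realm" -pass * `
    -ptype KRB5_NT_PRINCIPAL -crypto AES256-SHA1 -out $KeytabPath

# The keytab holds the service's long-term key and is equivalent to its
# password: remove inherited ACLs and leave access to the current admin only
# until the file is handed over.
icacls $KeytabPath /inheritance:r /grant:r "$($env:USERNAME):F"
```

Transfer the keytab to the Authentication Server administrator over a protected channel and delete the local copy afterwards, since anyone who can read the file can authenticate as the service.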