Configuring a TrueSight Server Automation client for AD Kerberos authentication

This topic describes how to configure a TrueSight Server Automation client (the TrueSight Server Automation Console or the blcred utility) to authenticate with a TrueSight Server Automation Authentication Service using AD/Kerberos user credentials.

In addition to the procedures described here, a user must also define an authentication profile that calls for AD/Kerberos authentication. For more information about defining authentication profiles, see Setting-up-an-authentication-profile.

To configure a TrueSight Server Automation client for AD Kerberos authentication

The following is a master procedure. Each of the steps in this procedure references a topic that describes another procedure.

1. If you have not done so already, perform the following prerequisite procedures:
   • Registering an Authentication Service in an Active Directory Domain
   • Configuring-an-Authentication-Service-for-AD-Kerberos-authentication
2. For Windows clients, update registry settings and perform other configuration tasks. See Performing-Windows-client-configuration-tasks. For UNIX environments, skip this step.
3. Create the blclient_login.conf file, which provides essential configuration data.
4. Locate the Active Directory KDC for the client's domain. This step provides information that is needed for subsequent steps in this procedure.
5. Create the blclient_krb5.conf file, which provides essential Kerberos configuration information.
6. Update the TrueSight Server Automation config.properties file.
7. For UNIX clients, each user must manually perform a kinit to obtain a ticket-granting ticket (TGT). See Obtaining a TGT for a TrueSight Server Automation client (UNIX only). When a Windows user logs into the Active Directory, the equivalent of a "kinit" is performed automatically.
8. Set up authentication profiles using AD/Kerberos authentication on the TrueSight Server Automation client. See Authentication profiles and Managing-authorizations.