Creating the blappserv_login.conf file (AD Kerberos)


You must create a blappserv_login.conf file. The Application Server reads this file to find the location of the keytab file.

To create the blappserv_login.conf file

  1. Create a text file and add the following content to it.

    com.sun.security.jgss.accept {
      com.sun.security.auth.module.Krb5LoginModule required
        useKeyTab=true
        keyTab="<keytabFileLocation>"
        storeKey=true
        principal="blauthsvc/<instance>@<DOMAIN>"
        doNotPrompt=true
        debug=false;
    };

    In this text file, keyTab is the location of the blauthsvc.keytab file on your system.
    For UNIX, assuming TrueSight Server Automation is installed in the default location, the keyTab line would look like this:

    keyTab="/opt/bmc/bladelogic/NSH/br/blauthsvc.keytab"

    For Windows, assuming TrueSight Server Automation is installed in the default location, the keyTab line would look like this:

    keyTab="C:\\Program Files\\BMC Software\\BladeLogic\\NSH\\br\\blauthsvc.keytab"

    Be sure to use the double backslash syntax shown above.
    In the text file, principal is the service principal name for the Authentication Service, followed by the @ sign, followed by the Application Server domain. You obtained the service principal name from the Active Directory administrator. For example:

    principal="blauthsvc/app4@SUB2.DEV.MYCOMPANY.COM"

    If you are using Windows 2008 without Service Pack 2, you should enter a user principal name rather than a service principal name. In other words, use blauthsvc instead of blauthsvc/app4. For example:

    principal="blauthsvc4@SUB2.DEV.MYCOMPANY.COM"

    If you do not have the service principal name and the Application Server realm, you can use the klist utility to display them. See Using klist to read the keytab file.

  2. Do one of the following:
    • (UNIX) Save the file to the <InstallDirectory>/NSH/br directory with the name blappserv_login.conf. For example, if the Authentication Server is installed in the default location, you would copy the file to the following directory: /opt/bmc/bladelogic/NSH/br
    • (Windows) Save the file to the <InstallDirectory>\NSH\br directory with the name blappserv_login.conf. For example, if the Authentication Server is installed in the default location, you would copy the file to the following directory: C:\Program Files\BMC Software\BladeLogic\NSH\br
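
Before restarting the Application Server, the saved file can be checked for the mistakes this procedure warns about: placeholders left unfilled, single backslashes in a Windows keyTab path, and a malformed principal. The following checker is an added example, not part of the BMC product or its documentation; the function name check_login_conf and the sample content are constructed for illustration.

```python
import re

ENTRY = "com.sun.security.jgss.accept"
MODULE = "com.sun.security.auth.module.Krb5LoginModule"
# Option values taken from the template on this page.
EXPECTED = {"useKeyTab": "true", "storeKey": "true", "doNotPrompt": "true"}

# Constructed sample: the page's template filled in with its Windows examples.
SAMPLE = r'''
com.sun.security.jgss.accept {
  com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="C:\\Program Files\\BMC Software\\BladeLogic\\NSH\\br\\blauthsvc.keytab"
    storeKey=true
    principal="blauthsvc/app4@SUB2.DEV.MYCOMPANY.COM"
    doNotPrompt=true
    debug=false;
};
'''


def check_login_conf(text):
    """Return a list of problems found in blappserv_login.conf content."""
    entry = re.search(re.escape(ENTRY) + r"\s*\{(.*?)\}\s*;", text, re.S)
    if not entry:
        return [f"missing '{ENTRY} {{ ... }};' entry"]
    body, problems = entry.group(1), []
    if not re.search(re.escape(MODULE) + r"\s+required\b", body):
        problems.append("Krb5LoginModule is not declared 'required'")
    if not body.rstrip().endswith(";"):
        problems.append("option list must end with ';'")
    # Collect name=value pairs; values are either quoted or bare tokens.
    opts = {k: v.strip('"') for k, v in
            re.findall(r'(\w+)\s*=\s*("[^"]*"|[^\s;]+)', body)}
    for name, want in EXPECTED.items():
        if opts.get(name) != want:
            problems.append(f"{name} should be {want}")
    keytab = opts.get("keyTab", "")
    if not keytab or "<" in keytab:
        problems.append("keyTab is missing or still a placeholder")
    elif re.search(r"(?<!\\)\\(?!\\)", keytab):
        problems.append("keyTab has a single backslash; double each one")
    # Accepts both forms the page shows: name/instance@DOMAIN and name@DOMAIN.
    if not re.fullmatch(r"[^/@<>\s]+(/[^/@<>\s]+)?@[^/@<>\s]+",
                        opts.get("principal", "")):
        problems.append("principal is not name[/instance]@DOMAIN")
    return problems


if __name__ == "__main__":
    print(check_login_conf(SAMPLE) or "no problems found")
```

The checker inspects only the text of the file; it does not confirm that the keytab exists at the given path or that it contains the named principal.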

Where to go from here

See Defining Authentication Service settings for AD Kerberos.

 
