TIBCO Spotfire Server 3.2.2 - TIBCO Product Documentation
Authentication and User Directory
• Check the box Password never expires. All other boxes should be unchecked
(Note: Make sure to uncheck User must change password at next logon).
• If you intend to use Kerberos for database authentication (see the section
“Database Authentication using Kerberos” on page 91), you must also set
Account is trusted for delegation, found on the Accounts tab of the Properties
dialog. This setting has certain security issues, so set it only if you
intend to use Kerberos for database authentication.
Next, you must create two Service Principal Names needed for the authentication.
This requires Microsoft Support Tools. Refer to its documentation for more
information about this and other tools included in the package.
Note: In a load balanced environment, you need to create two Service Principal
Names for each Spotfire Server, and two for the load balancer. You must map all of
them to the same service account.
Creating Service Principal Names (SPNs)
Execute the following commands on one of the Windows Domain Controllers:
> setspn -A HTTP/myHost.mydomain[:port] myServiceAccount
> setspn -A HTTP/myHost[:port] myServiceAccount
Replace the myHost, myServiceAccount, and mydomain variables with values
appropriate for your environment.
Note: If you use port 80, do not specify a port number.
Example:
Setting SPNs for the service account "spotsvc" and the computer
spotserver.research.example.com using the HTTP port 8080.
> setspn -A HTTP/spotserver.research.example.com:8080 spotsvc
> setspn -A HTTP/spotserver:8080 spotsvc
This would result in the following two SPNs:
• HTTP/spotserver.research.example.com:8080
• HTTP/spotserver:8080
Note: All usernames, hostnames, and domain names are case sensitive. Take special
care when running the commands and editing the files below.
After you have run these commands, you can verify your setup with the command:
> setspn -L myServiceAccount
Example:
Verifying SPNs for the service account "spotsvc".
> setspn -L spotsvc
Registered ServicePrincipalNames for
CN=spotsvc,CN=Users,DC=research,DC=example,DC=com:<br />
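
The following PowerShell is an added example, not part of the TIBCO documentation: it builds the SPNs the procedure above should produce (two per host, port omitted for port 80) and compares them case-sensitively with setspn -L output. The function names, the load balancer host name spotlb and the sample output are assumptions constructed for illustration.

```powershell
# Added example (not from the TIBCO documentation). Function names, the load
# balancer host "spotlb" and the sample output are assumptions for illustration.

function Get-ExpectedSpn {
    param([string[]]$HostNames, [string]$Domain, [int]$Port = 80)
    # Port 80 must not appear in the SPN; any other port is appended as :port.
    $suffix = if ($Port -eq 80) { '' } else { ":$Port" }
    foreach ($h in $HostNames) {
        "HTTP/${h}.${Domain}${suffix}"   # fully qualified name
        "HTTP/${h}${suffix}"             # short name
    }
}

function Get-RegisteredSpn {
    param([string[]]$SetSpnOutput)
    # Assumes SPN lines are indented below the "Registered ... for <DN>:" header.
    foreach ($line in $SetSpnOutput) {
        if ($line -match '^\s+\S+/\S+') { $line.Trim() }
    }
}

function Compare-Spn {
    param([string[]]$Expected, [string[]]$Registered)
    # -cnotcontains is the case-sensitive operator: names are case sensitive here.
    [pscustomobject]@{
        Missing    = @(foreach ($s in $Expected)   { if ($Registered -cnotcontains $s) { $s } })
        Unexpected = @(foreach ($s in $Registered) { if ($Expected   -cnotcontains $s) { $s } })
    }
}

# Constructed sample standing in for: $output = setspn -L spotsvc
# The short name was registered with the wrong case and the load balancer is missing.
$output = @(
    'Registered ServicePrincipalNames for CN=spotsvc,CN=Users,DC=research,DC=example,DC=com:'
    "`tHTTP/spotserver.research.example.com:8080"
    "`tHTTP/Spotserver:8080"
)

# One Spotfire Server plus the load balancer, all mapped to the same service account.
$expected = Get-ExpectedSpn -HostNames 'spotserver', 'spotlb' -Domain 'research.example.com' -Port 8080
$result   = Compare-Spn -Expected $expected -Registered (Get-RegisteredSpn $output)

$result.Missing    | ForEach-Object { "MISSING    $_" }
$result.Unexpected | ForEach-Object { "UNEXPECTED $_" }
```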