Caché Installation Guide - InterSystems Documentation
Preparing the Security Environment
ktpass command-line tool on the domain controller; this is available as part of the Windows
support tools from Microsoft.
The command maps the account just set up to an account on the UNIX-based or OpenVMS
machine; it also generates a key for the account. The command must specify the following
parameters:
Parameter   Description
-princ      The principal name (in the form cache/@).
-mapuser    The name of the account created (in the form cache).
-pass       The password specified during account creation.
-crypto     The encryption type to use (use the default, DES-CBC-CRC, unless
            specified otherwise).
-out        The keytab file you generate to transfer to the Caché server machine
            and replace or merge with your existing keytab file.
Important:
The principal name on UNIX-based and OpenVMS platforms must take the
form shown in the table with the literal cache as the first part.
Once you have generated a key file, move it to a file on the Caché server with the following
characteristics:
• On MacOS and most versions of UNIX, the pathname is
  /mgr/cache.keytab. On Tru64, the pathname is /krb5/v5srvtab;
  on SuSE Linux, it is /etc/krb5.keytab.
  On OpenVMS, the file is cache.keytab and is located in the manager's directory.
• It is owned by the user that owns the Caché installation and the group cacheusr.
• On UNIX and MacOS, its permissions are 640; on OpenVMS, its permissions are
  [S:RWD,O:RWD,G:R,W:].
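One way to verify the file characteristics listed above on UNIX and MacOS, as an added example that is not part of the InterSystems guide. The function name check_keytab and its argument order are assumptions; the owner is passed in because it depends on which user owns the Caché installation.

```sh
#!/bin/sh
# Added example (not from the guide): audit a keytab against the listed
# ownership and mode requirements. Mode 640 and group cacheusr come from
# the guide; check_keytab and its arguments are assumptions.
# Usage: check_keytab KEYTAB_PATH OWNER [GROUP]

check_keytab() {
    kt=$1
    owner=$2
    group=${3:-cacheusr}
    rc=0

    # Keep a relative path from being parsed by find as an option.
    case $kt in
        /*) ;;
        *)  kt=./$kt ;;
    esac

    # find does not follow symlinks by default, so a symlink sitting at
    # the keytab path is reported instead of being silently followed.
    if [ -z "$(find "$kt" -prune -type f 2>/dev/null)" ]; then
        echo "FAIL: $kt is missing or is not a regular file"
        return 2
    fi

    # -perm 640 is an exact match: owner rw, group r, no access for others.
    if [ -z "$(find "$kt" -prune -perm 640 2>/dev/null)" ]; then
        echo "FAIL: $kt mode is not 640"
        rc=1
    fi
    if [ -z "$(find "$kt" -prune -user "$owner" 2>/dev/null)" ]; then
        echo "FAIL: $kt is not owned by user $owner"
        rc=1
    fi
    if [ -z "$(find "$kt" -prune -group "$group" 2>/dev/null)" ]; then
        echo "FAIL: $kt does not belong to group $group"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $kt is $owner:$group with mode 640"
    fi
    return "$rc"
}

# Run the check when arguments are supplied on the command line.
if [ "$#" -gt 0 ]; then
    check_keytab "$@"
fi
```

The function returns 0 when all three characteristics hold, 1 when any of them fails, and 2 when the path is missing or is not a regular file.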
C.1.3 Create Service Accounts for Non-Windows Caché Servers with a KDC
In a non-Windows environment, you must create service principal accounts for all UNIX,
Mac OS, or OpenVMS Caché servers using a UNIX, Mac OS, or OpenVMS KDC. Once you
have an operational KDC, you need to add a service principal account for each Caché server.