Configuring Kerberos-SPNEGO authentication in Rational Publishing Engine

You can generate documents from the RationalĀ® Publishing Engine desktop client by using a Kerberos-SPNEGO authentication, which are more secure than logging in with a user name and password.

About this task

Kerberos-SPNEGO authentication is more secure than BASIC and FORM-based authentication. The Kerberos authentication protocol relies on a ticket system to permit users to authenticate in a secure manner. When a client authenticates with the Kerberos Key Distribution Center (KDC) in a Microsoft Active Directory domain, the client is granted a ticket-granting ticket (TGT) and a session key. To use an application that accesses a service that is registered in the same domain, the client requests a separate session ticket for the service.

There are several places in Rational Publishing Engine where you must enter authentication details. You can enter Kerberos-SPNEGO authentication details in:

Authentication when adding a schema

When you add a schema in Document Studio, enter the authentication details for the Kerberos-SPNEGO:

Procedure

  1. In the Document Studio, click Data > Add Data Source. Click Next.
  2. In the Authentication Type list, select Kerberos-SPNEGO.
  3. In the Kerberos Config Path, browse to Kerberos configuration file.
    For example, the default locations are:
    • This is a Windows operating system icon. C:\Windows\krb5.ini
    • This is a Linux operating system icon. /etc/krb5.conf
    Tip: If you cannot find the Kerberos configuration file on your machine, contact your system administrator to get the configuration file from the same server where the data source is hosted. For example, from the same server where Rational solution for Collaborative Lifecycle Management is hosted.
    New Schema wizard

Setting authentication when configuring the data source

You can specify to use Kerberos-SPNEGO authentication in Launcher:

Procedure

  1. In the Document Specification view, expand Templates > Data Sources.
  2. Right-click the data source and select Configure Data Source.
  3. In the Authentication Type list, select Kerberos-SPNEGO.
  4. In the Kerberos Config Path, browse to Kerberos configuration file.
    For example, the default locations are:
    • This is a Windows operating system icon. C:\Windows\krb5.ini
    • This is a Linux operating system icon. /etc/krb5.conf
    Tip: If you cannot find the Kerberos configuration file on your machine, contact your system administrator to get the configuration file from the same server where the data source is hosted. For example, from the same server where Rational solution for Collaborative Lifecycle Management is hosted.
    New Schema wizard

Setting authentication in the Properties view

You can also set authentication details in the Properties view for the data source. There are two properties associated with Kerberos-SPNEGO authentication:

Procedure

  • Athentication Method: Select Kerberos-SPNEGO.
  • Kerberos Configuration file: The path to the Kerberos configuration file.
    For example, the default locations are:
    • This is a Windows operating system icon. C:\Windows\krb5.ini
    • This is a Linux operating system icon. /etc/krb5.conf
    Tip: If you cannot find the Kerberos configuration file on your machine, contact your system administrator to get the configuration file from the same server where the data source is hosted. For example, from the same server where Rational solution for Collaborative Lifecycle Management is hosted.
    Properties of DNG module
    Tip: If you configured the Kerberos-SPENGO authentication in any of the wizards mentioned in this topic, the Kerberos Configuration file and Authentication Method properties reflect the same values.

Authentication when configuring or generating a document

You can enter Kerberos-SPNEGO configuration details when you configure or generate a document.

Procedure

  1. In the Document Studio or Launcher, click Document Specification > Generate > Configure and Generate Document.
  2. In the Document Specification configuration wizard, expand Data Sources and select modules.
  3. In the Authentication Type list, select Kerberos-SPNEGO.
  4. In the Kerberos Config Path, browse to Kerberos configuration file.
    For example, the default locations are:
    • This is a Windows operating system icon. C:\Windows\krb5.ini
    • This is a Linux operating system icon. /etc/krb5.conf
    Tip: If you cannot find the Kerberos configuration file on your machine, contact your system administrator to get the configuration file from the same server where the data source is hosted. For example, from the same server where Rational solution for Collaborative Lifecycle Management is hosted.
    Properties of DNG module

Authentication when discovering a schema

You can enter Kerberos-SPNEGO configuration details when you discover a schema with the REST or REST V2 schema discovery wizards, when replacing a schema or template from an HTTP location, or when selecting a global configuration.

Procedure

  1. In Document Studio, click Data > Schema Discovery. Depending on which REST API version you want to discover a schema, select one of the following options:
    • For REST API 1.0, select REST Schema Discovery and click Next.
      Configure document generation wizard
    • For REST API 2.0, select REST Schema Discovery and click Next.
      Configure document generation wizard
  2. In the Authentication Type list, select Kerberos-SPNEGO.
  3. In the Kerberos Config Path, browse to Kerberos configuration file.
    For example, the default locations are:
    • This is a Windows operating system icon. C:\Windows\krb5.ini
    • This is a Linux operating system icon. /etc/krb5.conf
    Tip: If you cannot find the Kerberos configuration file on your machine, contact your system administrator to get the configuration file from the same server where the data source is hosted. For example, from the same server where Rational solution for Collaborative Lifecycle Management is hosted.