Configuring Kerberos on a stand-alone server

You can enable Kerberos authentication for secure communication between IBM® Security Guardium® Key Lifecycle Manager and the Db2® database.

Before you begin

  • Ensure that the computer on which you install the Kerberos server is secure and does not run any service other than the KDC.
  • Ensure that the computers that host the Kerberos server and the Kerberos client (IBM Security Guardium Key Lifecycle Manager server) have the same operating system.
  • Install the Kerberos or Key Distribution Center (KDC) server.

Note: Support for configuring Kerberos will be deprecated in later versions of IBM Security Guardium Key Lifecycle Manager.

About this task

Kerberos configuration involves the following high-level steps:
  1. Install the Kerberos client on the IBM Security Guardium Key Lifecycle Manager server.
  2. Register the service and client principals on the Kerberos server. The service principal identifies the Db2 service to Kerberos so that the client principal can access it.
  3. Configure IBM Security Guardium Key Lifecycle Manager.

Depending on the operating system of the IBM Security Guardium Key Lifecycle Manager server, see the relevant topic for instructions.