Configuring Kerberos on a stand-alone server
You can enable Kerberos authentication for secure communication between IBM® Security Guardium® Key Lifecycle Manager and the Db2® database.
Before you begin
- Ensure that the computer on which you install the Kerberos server is secure and does not run any service other than KDC.
- Ensure that the computers that host the Kerberos server and the Kerberos client (IBM Security Guardium Key Lifecycle Manager server) have the same operating system.
- Install the Kerberos or Key Distribution Center (KDC) server.
Note: The support for configuring Kerberos will be deprecated in the later
versions of IBM Security Guardium Key Lifecycle Manager.
About this task
Kerberos configuration involves the following high-level steps:
Depending on the operating system of the IBM Security Guardium Key Lifecycle Manager server, see the relevant topic for
instructions.- Install Kerberos client on the IBM Security Guardium Key Lifecycle Manager server.
- Register service and client principals on the Kerberos server. The service principal creates a service for Db2 that can be accessed by the client principal.
- Configure IBM Security Guardium Key Lifecycle Manager.