If you configure the Planning Analytics database to use Integrated Login, the SecurityPackageName parameter defines the security package that authenticates your user name and password in Microsoft Windows.

This parameter is not applicable to Planning Analytics Engine.

Parameter type: optional, static

Valid values are:
  • Negotiate
  • Kerberos
  • NTLM

When runningPlanning Analytics locally, set SecurityPackageName=Negotiate in Planning Analytics database configuration. Negotiate selects Kerberos unless it cannot be used by one of the systems involved in the authentication. If Negotiate is set and Kerberos is not available, NTLM is used, and if NTLM is not configured TM1 will error out.

The behavior of SecurityPackageName when using Integrated Login to authenticate via the TM1 REST API is slightly different.

  • When SecurityPackageName=Negotiate, the TM1 REST API supports both Kerberos and NTLM.
  • When SecurityPackageName=NTLM, but your environment also supports Kerberos, the TM1 REST API will allow access to users with Kerberos or NTLM. The reason is that NTLM has been superseded by Kerberos, so the TM1 REST API will behave as if SecurityPackageName was set to Negotiate.
  • When SecurityPackageName=Kerberos, but your environment also supports NTLM, the TM1 REST API will reject NTLM users and allow access only to Kerberos users.