Configuring IBM SPSS Modeler Server on UNIX and Linux
Prerequisites
IBM® SPSS® Modeler Server relies on Windows Active Directory (AD) to enable single sign-on, for which the following prerequisites are essential:
- The SPSS Modeler Client (Windows) computer is a member of an Active Directory (AD) domain.
- The client user logs in to the computer using an AD domain account.
- The SPSS Modeler Server (UNIX) computer is identified by a fully-qualified domain name that is rooted in the AD DNS domain. For example, if the DNS domain is modelersso.com, then the server hostname might be myserver.modelersso.com.
- The AD DNS domain supports both forward and reverse lookups for the SPSS Modeler Server hostname.
If the SPSS Modeler Server machine is not a member of the AD domain, you must create a domain user account to represent the service in the directory. For example, you could create a domain account called ModelerServer.
To Configure SPSS Modeler Server on UNIX or Linux
- In the SPSS Modeler Server config folder, create a subfolder called sso.
- In the sso folder, create a keytab file. The keytab file can be generated on the AD side; however, the requirements differ depending on whether the SPSS Modeler Server machine is a member of the AD domain:
  - If the SPSS Modeler Server machine is a member of the AD domain, use the computer account name as the service user name:
    ktpass -princ <spn>@<realm> -mapUser <domain>\<computer account> -pass <password> -out <output file> -ptype KRB5_NT_PRINCIPAL
    For example:
    ktpass -princ modelerserver/myserver.modelersso.com:28054@MODELERSSO.COM -mapUser MODELERSSO\myserver$ -pass Pass1234 -out c:\myserver.keytab -ptype KRB5_NT_PRINCIPAL
  - If the SPSS Modeler Server machine is not a member of the AD domain, specify the domain user account that you created as a prerequisite as the service user:
    ktpass -princ <spn>@<realm> -mapUser <domain>\<user account> -mapOp set -pass <password> -out <output file> -ptype KRB5_NT_PRINCIPAL
    For example:
    ktpass -princ modelerserver/myserver.modelersso.com:28054@MODELERSSO.COM -mapUser MODELERSSO\ModelerServer -mapOp set -pass Pass1234 -out c:\myserver.keytab -ptype KRB5_NT_PRINCIPAL
  For more information, see Ktpass Command-Line Reference.
- Rename the keytab file in the sso folder to krb5.keytab.
  Note: If you re-join the server machine to the domain, generate a new keytab file.
- Create a file called krb5.conf in the sso folder you created in step 1. For instructions on how to create this file, see step 3 under Configuring IBM SPSS Modeler client. The file must be the same on the server and client.
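A way to verify the result of the steps above on the server, as an added example (not IBM's code): it checks that the sso folder holds krb5.conf and krb5.keytab and that the keytab contains the expected service principal. The function names are hypothetical, the sample keytab is constructed with a dummy key, and the owner-only permission check is an added hardening assumption rather than a requirement stated on this page.

```python
import os, stat, struct

SPN = "modelerserver/myserver.modelersso.com:28054@MODELERSSO.COM"  # from this page's ktpass example

def keytab_principals(data):
    """List the principals in an MIT-format (version 0x0502) keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    names, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                   # negative size marks a deleted entry
            pos += -size
            continue
        entry, off, parts = data[pos:pos + size], 2, []
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        for _ in range(ncomp + 1):      # realm first, then name components
            (n,) = struct.unpack_from(">H", entry, off)
            parts.append(entry[off + 2:off + 2 + n].decode())
            off += 2 + n
        names.append("/".join(parts[1:]) + "@" + parts[0])
        pos += size
    return names

def check_sso_folder(folder, expected_spn=SPN):
    """Return a list of problems found in the server's sso folder."""
    problems = []
    keytab = os.path.join(folder, "krb5.keytab")
    if not os.path.isfile(os.path.join(folder, "krb5.conf")):
        problems.append("krb5.conf is missing")
    if not os.path.isfile(keytab):
        return problems + ["krb5.keytab is missing"]
    # Added hardening check (assumption, not an IBM requirement): owner-only access
    if stat.S_IMODE(os.stat(keytab).st_mode) & 0o077:
        problems.append("krb5.keytab is accessible by group or others")
    with open(keytab, "rb") as fh:
        if expected_spn not in keytab_principals(fh.read()):
            problems.append("krb5.keytab has no entry for " + expected_spn)
    return problems

def sample_keytab(spn=SPN):
    """Build a constructed one-entry keytab with an all-zero dummy key."""
    name, realm = spn.rsplit("@", 1)
    body = struct.pack(">H", name.count("/") + 1)
    for s in [realm] + name.split("/"):
        body += struct.pack(">H", len(s)) + s.encode()
    body += struct.pack(">IIBHH", 1, 0, 1, 23, 16) + bytes(16)  # type, time, kvno, etype, keylen
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

Call check_sso_folder with the path of the sso folder created in the first step; an empty list means the folder matches what the procedure describes.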