Configuring the Server for Single Sign-On
Configure the Server on Windows
- Ensure that the Windows server machine is a member of the Active Directory (AD) domain.
- In the IBM® SPSS® Statistics Server installation location, locate the folder called config.
- In the config folder, create a subfolder called sso.
- In the sso folder, create a krb5.conf file.
Instructions for how to create the krb5.conf file can be found at http://web.mit.edu/kerberos/krb5-current/doc/admin/conf_files/krb5_conf.html. An example of a krb5.conf file is given
below:
[libdefaults] default_realm = STATISTICSSSO.COM dns_lookup_kdc = true dns_lookup_realm = true [realms] STATISTICSSSO.COM = { kdc = statisticssso.com:88 admin_server = statisticssso.com:749 default_domain = STATISTICSSSO.COM } [domain_realm] .statisticssso.com = STATISTICSSSO.COM
Configure the Server on UNIX
To configure Single Sign-On for UNIX server machines, you can add the UNIX machine to the Windows AD domain, then follow the instructions for configuring Single Sign-On on Windows. Alternatively, you can perform the following steps:
- Create a domain user account for the UNIX machine.
- Change the host name. If you are using RedHat Linux, open the
/etc/sysconfig/network file and modify
HOSTNAMEto the form<name>.<realm>. This enables the AD to find the server credentials. - To enable the DNS server to find the UNIX machine, take one of the following steps:
- Open the %windows%/system32/drivers/etc/hosts file and add the
IP/host mapping, for
example:
192.168.1.102 test.statisticssso.com testOr
- Add a new reverse lookup zone entry. This will add an IP/host mapping on the DNS server.
- Open the %windows%/system32/drivers/etc/hosts file and add the
IP/host mapping, for
example: