Hi,

To simplify:

1. Create the service account in AD:
   Username: Remedy_Kerb
   Password: **************

2. Add the SPN. On a domain-joined machine, run the command:
   setspn -s HTTP/server.domain.com Remedy_Kerb

3. Generate the keytab file. Run the following command from one of our domain controllers:
   ktpass -out c:\share\remedyssoservice.keytab -mapuser Remedy_Kerb -princ HTTP/server.domain....@domain.com -pass ************** -ptype KRB5_NT_PRINCIPAL -target DOMAIN.COM

4. Copy the keytab file to the RSSO server. Stored in the following location:
   /u01/app/bmc/RemedySSO/remedyssoservice.keytab

5. Configure Kerberos in the RSSO admin console.

If using a "shared" database for RSSO in an HA environment, you want to use the LB name for the SPN to Kerberos, e.g. HTTP/loadbalancer.domain.com.
Also, the Kerberos realm does not have to be the same as the SPN, but does have to match the domain of the KDC server, e.g. Kerberos Realm = domain.local, KDC Server = LDAP.domain.local.
The keytab file (copy to the RSSO server) can be skipped if using the SPN Password as the Credential Type in the Authentication in RSSO.

----------------------------------------------
Kind Regards,
Carl Wilson

From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Thomas Miskiewicz
Sent: 27 November 2017 15:10
To: arslist@ARSLIST.ORG
Subject: Re: Remedy SSO with Kerberos

Saw that one but it’s so wishy-washy I couldn’t believe this is it. This one’s a lot better:
https://docs.bmc.com/docs/rsso91/kerberos-authentication-process-662397346.html?src=search

Thanks
Thomas

On 27. Nov 2017, at 16:06, LJ LongWing <lj.longw...@gmail.com> wrote:

something like this?
https://docs.bmc.com/docs/display/public/ars9000/Configuring+Kerberos+for+Authentication

On Mon, Nov 27, 2017 at 7:53 AM, Thomas Miskiewicz <tmisk...@gmail.com> wrote:

Hi there,

in our development we’ve installed RSSO on our Mid Tier server. Then we ran the installer again and told it to do the Mid Tier integration. At last we ran the installer on the AR Server and told it to do the AR Integration.

Is there a document that describes the Kerberos integration from this point?

Thanks
Thomas

_______________________________________________________________________________
UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
"Where the Answers Are, and have been for 20 years"
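
Added example, not part of the thread and not BMC or Microsoft code: a check to run on the keytab from steps 3 and 4 before configuring RSSO, confirming it holds the expected HTTP principal and flagging entries that use legacy DES or RC4 encryption types. It assumes the file is in MIT keytab format version 0x0502; the principal HTTP/rsso.example.com@EXAMPLE.COM and the all-zero keys are constructed sample data.

```python
import struct

LEGACY = {1: "des-cbc-crc", 3: "des-cbc-md5", 23: "rc4-hmac"}  # enctype number -> name

def _counted(buf, off):  # 16-bit length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return (principal, kvno, enctype number) for each entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        if size <= 0:                  # a negative size marks a deleted slot: skip it
            pos += 4 - size
            continue
        entry, pos = data[pos + 4:pos + 4 + size], pos + 4 + size
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        realm, off = _counted(entry, 2)
        comps = []
        for _ in range(ncomp):
            comp, off = _counted(entry, off)
            comps.append(comp.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", entry, off)
        _key, off = _counted(entry, off + 11)
        if len(entry) - off >= 4:      # optional 32-bit kvno replaces the 8-bit one
            kvno = struct.unpack_from(">I", entry, off)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
    return entries

def check_keytab(data, expected):
    """Findings: expected principal missing, or any entry with a legacy enctype."""
    entries = parse_keytab(data)
    findings = [] if any(p == expected for p, _, _ in entries) else ["no entry for " + expected]
    return findings + ["%s kvno %d uses legacy enctype %s" % (p, k, LEGACY[e])
                       for p, k, e in entries if e in LEGACY]

def _sample_entry(realm, comps, kvno, etype, key):  # builds constructed demo data
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
            + struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key) + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

# Constructed sample (hypothetical principal, all-zero dummy keys), not from the thread.
SPN = [b"HTTP", b"rsso.example.com"]
SAMPLE = (b"\x05\x02" + _sample_entry(b"EXAMPLE.COM", SPN, 3, 23, bytes(16))
          + _sample_entry(b"EXAMPLE.COM", SPN, 3, 18, bytes(32)))
```

To check a real file, pass its bytes (for example `open(path, "rb").read()`) and the principal you registered to `check_keytab`. The keytab holds the service account's long-term keys, so restrict read access on the RSSO server to the account that runs RSSO.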