Acquiring a Kerberos ticket by using the identity of the account running the Spotfire Server process

To make it possible to log in to the Spotfire database as the user currently running the server, the connection pool must be able to acquire the initial Ticket-Granting-Ticket (TGT) from the native Ticket Cache of the Spotfire Server host.

Procedure

  • Modify the following registry key so that the TGT session can be exported:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\
    Parameters]"allowtgtsessionkey"=dword:00000001
    
    DatabaseKerberos
    {
     com.sun.security.auth.module.Krb5LoginModule
     	required
     	debug=true
     	storeKey=true
     	useTicketCache=true
     	doNotPrompt=false;
    };