Creating a Kerberos service account is the first step in configuring
Spotfire Server for the Kerberos authentication method.
Prerequisites
Windows Domain Controllers running Windows Server 2008 or later.
A computer with the Microsoft Active Directory Users and Computers MMC snap-in.
A computer with the Microsoft Support Tools installed.
A domain administrator account or a user account which is a member of the built-in Account Operators domain group, or any account with equivalent permissions.
Windows Domain accounts for all
Spotfire users.
A fully-working user directory, with either of the following options:
LDAP (recommended)
Spotfire database, provided that the built-in post-authentication filter is auto‐creating new users.
Procedure
Log in to the computer as a domain administrator or a user who is a member of the built-in Account Operators domain group.
Open the Active Directory Users and Computers MMC snap-in.
Create an ordinary user account with the following properties:
Use the same identifier in the
Full name and
User logon name (pre‐Windows 2000) fields.
Note: Use only lowercase characters and make sure that there are no spaces in these fields.
Select the
Password never expires check box.
Clear the
User must change password at next logon check box.
If you want to use the crypto algorithm
aes128-sha1 or
aes256-sha1 the account option
This account supports Kerberos AES 128 bit encryption or
This account supports Kerberos AES 256 bit encryption must also be selected.