Password Policy - Regular Password Changes

If your password policy involves regular password changes, be aware that changing the AD password requires updating the UMS Server database configuration.

Setting Up Kerberos

The UMS can use an SQL Server database with domain login on Windows systems and Linux systems even if they are not part of the domain. In this case, the DB type "SQL Server AD Kerberos" must be used and the system must be configured before the database is activated.

Creating a Kerberos Configuration File

The Kerberos configuration file contains the data needed for the system to access the domain information. 

To learn how a Kerberos configuration file looks, see the following example:

[libdefaults]
default_realm = HEX.LOCAL
ticket_lifetime = 24h
[realms]
HEX.LOCAL = {
    kdc = 111.111.111.111
    default_domain = HEX.LOCAL
}
[domain_realm]
.hex.local = HEX.LOCAL
[appdefaults]

For a detailed description of the content, see https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html.

The domain does not have to be identical to the domain of the server where the UMS is installed.

Saving the Kerberos Configuration File

Save the Kerberos configuration file in the directory <UMS installation directory>/rmguiserver/conf with the name krb5.conf.
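
A consistency check that can be run on the saved file before the database is activated, given here as an added example that is not part of the UMS documentation. The function names parse_krb5 and check_krb5 are hypothetical, the sample text is constructed from the example values above, and the parser assumes the MIT layout in which each relation inside a { } block sits on its own line.

```python
import re
# Constructed sample in the layout of the example on this page.
SAMPLE = """[libdefaults]
default_realm = HEX.LOCAL
[realms]
HEX.LOCAL = {
    kdc = 111.111.111.111
}
[domain_realm]
.hex.local = HEX.LOCAL
"""

def parse_krb5(text):
    # Handles [sections], "key = value" relations and one-level { } blocks.
    conf, section, block = {}, None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, block = conf.setdefault(header.group(1), {}), None
        elif line == "}":
            block = None
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            if value == "{":
                block = section.setdefault(key, {})
            elif "{" in value or "}" in value:
                raise ValueError(f"line {lineno}: one relation per line inside {{ }}")
            else:
                (block if block is not None else section)[key] = value
        else:
            raise ValueError(f"line {lineno}: cannot parse {line!r}")
    return conf

def check_krb5(text):
    # Lists what would keep the default realm or its KDC from being resolved.
    conf = parse_krb5(text)
    realms = conf.get("realms", {})
    default = conf.get("libdefaults", {}).get("default_realm")
    problems = []
    if default not in realms:
        problems.append(f"default_realm {default!r} has no entry in [realms]")
    problems += [f"realm {name} has no kdc" for name, body in realms.items()
                 if not isinstance(body, dict) or "kdc" not in body]
    problems += [f"{dom} maps to unknown realm {realm}" for dom, realm
                 in conf.get("domain_realm", {}).items() if realm not in realms]
    return problems
```

To check the real file, pass its contents to check_krb5; an empty list means the default realm, its KDC entry and the domain mappings agree with each other.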

Activating the Database

The SQL Server database is activated as usual in the UMS Administrator. The Kerberos connection needs a domain user and password for access to the database.

To activate the database:

  1. In the UMS Administrator, select Datasource and then click Add...
  2. In the New Datasource dialog, edit the settings as follows:
    • DB type: Select "SQL Server AD Kerberos".
    • Host: Enter the fully qualified name of the host on which the MS SQL database is running.
    • Domain: Enter the domain of the user who logs in to the database.
    • User: Enter the username for connecting to the database, without the domain.
    • Port: Enter the port on which the MS SQL database service is listening.
    • Schema: Enter "DBO".
    • Database / SID: Enter the name of the database.
  3. Click Activate.
    The Datasource Password dialog opens.
  4. Enter the domain password of the database user and click Ok. This password will also be used as the initial password of the UMS superuser.