Set up the Kerberos Configuration on the WebSphere server

  1. Make sure the WebSphere Deployment Manager and the node are running.
  2. Create a kerberos directory under WAS_HOME.

    UNIX/IBMi: mkdir $WAS_HOME/kerberos

    Windows: md %WAS_HOME%\kerberos

  3. Copy the LSF10.keytab file you created on the Active Directory machine to the kerberos directory on the application server.
  4. Next, create the Kerberos configuration file. In the example below, the file will be created in the kerberos directory you created.

    From the command line, navigate to the bin directory for the WebSphere profile for your LSF server and start the Websphere admininstration utility

    Example

    WIndows: d:\IBM\WAS\AppServer\profiles\LSF10\bin

    Windows: >.\wsadmin.bat

    UNIX/IBMi: /opt/web/WAS/AppServer/profiles/LSF10/bin

    UNIX/IBMi: >./wsadmin.sh

    Type the command to create the Kerberos configuration file:

    Windows:

    
                wsadmin>$AdminTask createKrbConfigFile {-krbPath d:\ibm\WAS\AppServer\kerberos\krb5.conf -realm 
    LAWSON.COM -kdcHost <ADServer.Lawson.com> -dns lawson.com -keytabPath d:\ibm\WAS\AppServer\kerberos\
    LSF10.keytab}
              

    UNIX/IBMi:

    
                $wsadmin>$AdminTask createKrbConfigFile {-krbPath /opt/web/WAS/AppServer/kerberos/krb5.conf -realm
     LAWSON.COM -kdcHost <ADServer.Lawson.com> -dns lawson.com -keytabPath 
    /opt/web/WAS7/AppServer/kerberos/LSF10.keytab}
              

    where

    LAWSON.COM is the Kerberos realm.

    ADServer.Lawson.com is the fully-qualifed domain name for the Active Directory domain controller.

    lawson.com is the Active Directory domain.

    A message confirms that the file has been created.

    Windows: d:\ibm\WAS\AppServer\kerberos\krb5.conf has been created.

    UNIX/IBMi: /opt/web/WAS/AppServer/kerberos/krb5.conf has been created.