Domino supports Kerberos authentication, allowing users to authenticate as themselves when connecting to Kerberos-secured systems.
Users can enable Kerberos authentication at the project-level or user-level by uploading a Kerberos keytab and principal into Domino. After set up, Runs started by Kerberos-enabled users or in Kerberos-enabled projects in Domino will automatically run kinit and retrieve the ticket to be able to authenticate.
There are two ways to add your krb5.conf file to Domino.
-
Add it to your project in a folder named
kerberos. -
Add it to your environment at
/etc/krb5.conf:
RUN echo "[libdefaults]" >> /etc/krb5.conf && \
echo " default_realm = [YOUR-DEFAULT-REALM]" >> /etc/krb5.conf && \
echo " default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc" >> /etc/krb5.conf && \
echo " default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc" >> /etc/krb5.conf && \
echo " dns_lookup_kdc = true" >> /etc/krb5.conf && \
echo " dns_lookup_realm = false" >> /etc/krb5.conf && \
echo "" >> /etc/krb5.conf && \
echo "[realms]" >> /etc/krb5.conf && \
echo " EXAMPLE.COM = {" >> /etc/krb5.conf && \
echo " kdc = kerberos.example.com" >> /etc/krb5.conf && \
echo " admin_server = kerberos.example.com" >> /etc/krb5.conf && \
echo " }" >> /etc/krb5.confTo add a keytab and principal that will be used for Runs started by your user, open your Account Settings and click Kerberos Integration from the settings menu. Click Keytab file based authentication, supply your keytab and principal, then click Save.
To add a keytab and principal that will be used for Runs started by a specific project, open the project Settings and click to open the Integrations tab.
In the Kerberos panel, click Keytab file based authentication, supply your keytab and principal, then click Save.