Krb5Service
NOTE: This parameter has been renamed to GSSServiceName, for use with new functionality. The old name is still available as an alias, with the same options.
The Kerberos service name of this child server. If the DAH uses the Kerberos protocol to communicate with a child server, this parameter describes the (Kerberos-defined) service name of the child server (for example, IDOL or DAH).
If you create a server group by specifying a comma-separated list of host names in the Host parameter, you must specify a value in the Krb5Service
parameter for each mirrored child server.
By default, DAH uses a Kerberos communication method with ACI encryption (see ACI Encryption Configuration Parameters). In this case, you specify the Kerberos realm by setting Krb5Realm, and you use the ACI Encryption Configuration Parameters to define the DAH service name.
You can also use Kerberos without ACI encryption, by setting ACIEncryption to False
in the child server configuration. In this case, you must use full qualified host names in the child server Host parameters. DAH reads the Kerberos realm from the domain name. You use the GSSServiceName and RequireGSSAuth parameters in the [Server]
section to configure the DAH service name and enable GSS.
Type: | String |
Default: | |
Required: | No |
Configuration Section: | IDOLServerN or DistributedEngineN or DAHEngineN |
Example: | Krb5Service=IDOL
|
See Also: | ACIEncryption
GSSServiceName Krb5Realm |