GSSServiceName
The GSSAPI service name that you want to use for the IDOL Content Component service. You must specify the GSSAPI service name, instance name (fully qualified host name), and the Kerberos realm (normally the domain name in upper case).
You can also set GSSServiceName
to an asterisk (*
) to allow clients to authenticate to any service principal in the IDOL Content Component service's keytab, rather than requiring you to select a single principal.
If you enable GSSAPI authentication, IDOL Content Component uses this value as the GSSAPI service name to identify itself. You enable GSSAPI authentication by setting the RequireGSSAuth
parameter in the appropriate section:
- ACI port:
[Server]
RequireGSSAuth - Service port:
[Service]
RequireGSSAuth - Index port:
[IndexServer]
RequireGSSAuth
NOTE: You cannot use RequireGSSAuth
with GSS ACI encryption (see ACI Encryption Configuration Parameters). If you configure both, IDOL Content Component does not start. GSS ACI encryption has been deprecated or IDOL Content Component version 12.6.0 and later.
NOTE: You cannot use this method for GSSAPI authorization in a unified IDOL Server, or if you use an IDOL Proxy component to distribute actions.
Type: | String |
Default: | |
Required: | No |
Configuration Section: | Server |
Example: | GSSServiceName=MYSERVICE/host.example.com@EXAMPLE.COM
|
See Also: |