Configuring SPNEGO authentication with the push redirector
Before SPNEGO authentication can be used with the push
redirector, Kerberos service principal names must be set for each
application server node. The push user and push password properties are
still required in the server or environment file, but correct credentials do
not need to be entered.
See Enabling SPNEGO authentication
for information on enabling SPNEGO authenticaion in your server or
environment file.
To set up SPNEGO authentication with the push redirector:
- Configure Kerberos service principal names for each application server node. Kerberos may already be configured for the frontend address, but each node must be added as well.
- Set the service to run as a service account on the domain. The service account must be a member of the "nexjusers" security group. If you are using a Windows-based service, the environment file’s pushUser property should be left blank. If you are using a Linux-based service, the pushUser and pushPassword properties should be set to the service account’s credentials.
- Grant the service account Modify permissions on the directory of the push redirector.
- If the push redirector is currently running, restart it.