Skip to content

IBM InfoSphere WAS: Create a Kerberos Configuration File

October 7, 2015

This post list the necessary step to create a kerberos configuration file on IBM AIX 7.1


  • AIX 7.1
  • Active Directory Schema version 47 (Windows Server 2008 R2).
  • IBM WebSphere Application Server Network Deployment v8.5
  • The installation root directory is /IBM


  1. The Active Directory account for the AIX server has been created.
  2. The keytab file has been generated from the Active Directory.
  3. The keytab file has been transferred to the AIX machine.
  4. Kerberos client has been installed on the AIX machine.


  1. Create the /etc/krb5 directory
    sudo mkdir /etc/krb5
  2. Create the Kerberos Configuration File for WebSphere Application Server
    cd /IBM/WebSphere/AppServer/bin
  3. Invoking wsadmin with Jython
    sudo ./ -lang jython
  4. When prompted, enter the user name and password of a WAS users with administrives privileges.
  5. Execute the Admintask.createKrbConfigFile command in iteractive move.
    Create Kerberos configuration file
    This command creates a Kerberos configuration file (krb5.ini or krb5.conf).
  6. Enter the location where the configuration file will be created.
    *Filesystem location of the Kerberos configuration file (krbPath): /etc/krb5/krb5.conf
  7. Enter the kerberos realm name; in this case the name of the AD domain.
    *Kerberos realm name in Kerberos configuration file (realm):
  8. Enter the hostname of the kerberos KDC, in this case the name of the AD domain controller.
    *Host name of the Kerberos Key Distribution Center (kdcHost):
  9. Enter the port number of where the LDAP is listening on the AD domain controller.
    Port number of the Kerberos Key Distribution Center (kdcPort): 389
  10. Enter the DNS suffix and any alternative DNS suffixes for your realm.
    *A list of the Domain Name Service, seperated by a pipe character (| (dns):|
  11. Enter the DNS suffix and any alternative DNS suffixes for your realm.
    *Filesystem location of the keytab file (keytabPath): /datastage/keytab/ohdwetlmsdev03.keytab
  12. Enter the encryption type to be used. In the example the default MS Windows Encryption type is used.
    Encryption type (encryption): des-cbc-crc
  13. Confirm the creation of the Kerberos Configuration file.
    Create Kerberos configuration file
    F (Finish)
    C (Cancel)
    Select [F, C]: [F] F
    WASX7278I: Generated command line: AdminTask.createKrbConfigFile('[-krbPath /etc/krb5/krb5.conf -realm -kdcHost -kdcPort 389 -dns| -keytabPath /IBM/keytab/myserver.keytab -encryption des-cbc-crc]')
    '/etc/krb5/krb5.conf has been created.'
  14. Exit wsadmin.

The new created Kerberos configuration file will look like this:

        default_realm =
        default_keytab_name = FILE:/IBM/keytab/myserver.keytab
        default_tkt_enctypes = des-cbc-crc
        default_tgs_enctypes = des-cbc-crc
        forwardable  = true
        renewable  = true
        noaddresses = true
        clockskew  = 300
    [realms] = {
            kdc =
            default_domain =
    [domain_realm] = =


IBM Knowledge Center (2015, Sep 4). SpnegoTAICommands group for the AdminTask object (deprecated). Retrieved from

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: