This recipe shows how to configure the Kerberos authentication with Orchestrator. Even if you are using the Windows version, this still has to be done, as Kerberos needs to be configured for Java that runs Orchestrator. The Kerberos configuration is only needed for special plugins, such as PowerShell.
We just need administrative access to the Orchestrator operating system. You need to make sure that the clocks are in sync between Orchestrator and the KDC. See the Tuning the appliance recipe in this chapter. The domain in this example is called mylab.local
and the AD server (KDC) is called addns.mylab.local
.
Log in to the Orchestrator operation system with administrator privileges.
Edit the
krb5.conf
file. You might have to create this file.Operating system
Path
Windows
C:\Program Files\Common Files\VMware\VMware vCenter Server - Java Components\lib\security\krb5.conf
Appliance
/usr/java/jre-vmware/lib/security/krb5.conf...