Macromedia live cycle 7.2 매뉴얼
Adobe LiveCycle
Post-deployment
Installing and Configuring LiveCycle Security Products for JBoss
Adding Kerberos authentication 29
2. When you are back in the tree view of the users in the directory, right-click the account and select
Reset Password. Reset the password to the exact same password that you initially set the account to.
Note:
Resetting the password effectively clears the cache in the Active Directory and lets you proceed
to the next step.
to the next step.
3. Type the information in the (now running) LiveCycle Policy Server configuration page within the
domain setup. (See
and the LiveCycle Policy Server Help.)
Adding Kerberos authentication using the administration interface
When you select Kerberos from within the LiveCycle Policy Server administration interface, you get some
fields to fill with configuration information. These fields are described in the LiveCycle Policy Server Help;
however, this section provides some additional information.
fields to fill with configuration information. These fields are described in the LiveCycle Policy Server Help;
however, this section provides some additional information.
The following table provides brief descriptions of the fields.
The LiveCycle Policy Server client software in Acrobat 7.0 needs to know the Kerberos service that
LiveCycle Policy Server is using to connect LiveCycle Policy Server to Active Directory. This service
corresponds to the new account that is created in the steps presented in
LiveCycle Policy Server is using to connect LiveCycle Policy Server to Active Directory. This service
corresponds to the new account that is created in the steps presented in
and described in the KDC Host, Service User, Service Password, and Service Realm
fields.
Technically, Acrobat requires the service in a special format constructed using the service principal (Service
User) as well as the realm (Service Realm). How these fields are formatted is important. Simply add the
simple user name (Service User) and password (Service Password). The realm (Service Realm) is the Active
Directory domain name. Note that the realm must be typed in all uppercase letters.
User) as well as the realm (Service Realm). How these fields are formatted is important. Simply add the
simple user name (Service User) and password (Service Password). The realm (Service Realm) is the Active
Directory domain name. Note that the realm must be typed in all uppercase letters.
Tip:
If you are very familiar with Kerberos, it is possible to instead type a correctly created Service Principal
Name (SPN) rather than the user name in the Service User field.
Name (SPN) rather than the user name in the Service User field.
Parameter
Description
DNS IP
The IP address of the DNS server such that it can refer to the Active Directory
server by name (for example, 192.168.1.1). The DNS is needed to resolve the KDC
Host.
server by name (for example, 192.168.1.1). The DNS is needed to resolve the KDC
Host.
KDC Host
The DNS name of the Active Directory server (for example,
test.2003.policyserver.net). In Kerberos terminology, this is the Key Distribution
Center (KDC) host.
test.2003.policyserver.net). In Kerberos terminology, this is the Key Distribution
Center (KDC) host.
Service User
The login name of the user of the special Active Directory account (for example,
PolServerKerberos).
PolServerKerberos).
Service Realm
The Active Directory domain. This domain must be typed in capital letters (for
example, 2003.POLICYSERVER.NET).
example, 2003.POLICYSERVER.NET).
Service Password
The password for the special Active Directory account.