Release Note

Using Kerberos authentication with your database

Pega 7 supports Kerberos functionality. Kerberos is a computer network authentication protocol which allows nodes communicating over a non-secure network to prove their identity to one another in a secure manner. 

 

To use Kerberos for authentication, you must use the command line to install or upgrade Pega 7.

 

To use Kerberos authentication:

1.  Change the setupDatabase.properties file.

a.  In the “Uncomment this property section” of the file, uncomment the jdbc.custom.connection.properties property.  Based on your security infrastructure, different properties may be required as parameters to this property; provide the needed properties as semicolon-delimited name/value pairs:
 

jdbc.custom.connection.properties=prop1=val1;prop2=val2;prop3=val3;
 

Example:  For an installation on a MSSQL database server from a Windows client machine (where both machines belong to the same Windows domain), using the Microsoft JDBC driver, the property may be set as follows:
 

jdbc.custom.connection.properties=integratedSecurity=true;

 

b.  Comment out all the username and password properties where they occur in the jdbc.custom.connection.properties file, so that they appear as follows:


# pega.jdbc.username db username
# pega.jdbc.password db password

[lines removed here]

# pega.jdbc.username=ADMIN
# pega.jdbc.password=ADMIN

 

2.  Set up your database to enable Kerberos functionality.  This may include additional vendor-specific JDBC driver configuration, or other setup procedures.  Check the documentation from your database vendor to determine what Kerberos setup is needed for your database.

 

3.  Run the command line installation or upgrade by following the instructions found in the Pega 7 Deployment guides.