The Build Forge server and Build Forge clients must be
set up in an Active Directory domain.
Before you begin
Support Tools for Windows 2003 SP2 are required for the following
procedure. They contain the setspn command, which is required to set
a service principal in Active Directory. Install Support Tools from
the Windows Server 2003 product CD or the Microsoft Download Center.
About this task
When the Build Forge client and server are in an Active Directory
domain, a user generates a Kerberos credentials token when logging
into a Windows host. When the user then attempts to access the Build
Forge server, the SPNEGO interceptor receives the user token and validates
it. The validated identity is passed to Build Forge to perform
a login through the configured Microsoft Active Directory LDAP server.
Procedure
- Log on to the domain controller host. In the
example, the host is it_example.mycompany.com.
- Add the Build Forge host to the Active Directory domain
if it is not already a member. In this example, add host it_buildforge to
the ITDEV.COM domain. The host now has a fully qualified
name in the domain: it_buildforge.ITDEV.COM
- Add a Build Forge user to the Active Directory domain. In this example, create user bfuser.
  Important:
  - Select Password never expires. You can select a different password
    management option. However, you will then need to enter a new
    password for the Build Forge server each time the password expires.
  - In the Accounts tab, select Account is trusted for delegation.
- If they do not exist, create user accounts in Microsoft
Active Directory for all clients. In this example, there
is one user to create, happy_user.
- Create a service principal name (SPN) for Build Forge. In the example, the Active Directory user bfuser is
  associated with service name HTTP/it_buildforge.mycompany.com to
  create the SPN for the Build Forge server, it_buildforge.
    setspn -A HTTP/it_buildforge.mycompany.com bfuser
  HTTP is the service name for the Build Forge service.
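
To confirm the result of the steps above, the following added example (not part of the Build Forge documentation) checks that the SPN is held by exactly one account and that bfuser carries the two account options the procedure selects. It assumes PowerShell 2.0 or later on a domain-joined host and uses the example names from this page; the function name Find-AdObject is hypothetical.

```powershell
# Added example. Names are the example values from the procedure above.
$spn     = 'HTTP/it_buildforge.mycompany.com'
$account = 'bfuser'

# userAccountControl bits as documented for Active Directory
$DONT_EXPIRE_PASSWORD   = 0x10000   # "Password never expires"
$TRUSTED_FOR_DELEGATION = 0x80000   # "Account is trusted for delegation"

function Find-AdObject([string]$Filter) {
    # Hypothetical helper: LDAP search in the domain of the logged-on user.
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = $Filter
    $searcher.PageSize = 1000
    foreach ($p in 'sAMAccountName', 'userAccountControl') {
        [void]$searcher.PropertiesToLoad.Add($p)
    }
    $searcher.FindAll()
}

# 1. The SPN must map to exactly one account. If it is missing or duplicated,
#    a Kerberos ticket for the service cannot be issued and SPNEGO login fails.
$owners = @(Find-AdObject "(servicePrincipalName=$spn)")
$names  = @($owners | ForEach-Object { $_.Properties['samaccountname'][0] })
if ($owners.Count -eq 0) {
    "FAIL  $spn is not registered on any account"
} elseif ($owners.Count -gt 1) {
    "FAIL  $spn is registered on more than one account: $($names -join ', ')"
} elseif ($names[0] -ne $account) {
    "FAIL  $spn is registered on $($names[0]), expected $account"
} else {
    "OK    $spn is registered only on $account"
}

# 2. The account options selected when bfuser was created.
$user = @(Find-AdObject "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$account))")
if ($user.Count -ne 1) {
    "FAIL  expected one user named $account, found $($user.Count)"
} else {
    $uac = [int]$user[0].Properties['useraccountcontrol'][0]
    if ($uac -band $DONT_EXPIRE_PASSWORD) { "OK    password never expires" }
    else { "WARN  password can expire; Build Forge needs the new password each time" }
    # This flag is unconstrained delegation: the service can receive users'
    # forwardable tickets and act as them, so keep the account tightly controlled.
    if ($uac -band $TRUSTED_FOR_DELEGATION) { "OK    trusted for delegation" }
    else { "FAIL  'Account is trusted for delegation' is not set" }
}
```

Run it as a domain user after the setspn command; a correctly configured account produces three lines that start with OK.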