Configuring the Microsoft Dynamics CRM On-Premises data source for Kerberos
During installation of the On-Premises Connector, the files required for Kerberos authentication are installed in the \jre\lib\security subdirectory of your product installation directory:
krb5.conf is a Kerberos configuration file containing values for the Kerberos realm and the KDC name for that realm. You must modify the generic file that is installed for your environment.
JDBCDriverLogin.conf file is a configuration file that specifies which Java Authentication and Authorization Service (JAAS) login module to use for Kerberos authentication. This file loads automatically unless the java.security.auth.login.config system property is set to load another login configuration file. You can edit this file, but the On-Premises Connector must be able to find the JDBC_DRIVER_01 entry to configure the JAAS login module. Refer to your J2SE documentation for information about setting options in this file.
Note: You must download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for JDK/JRE 7 at http://www.oracle.com/technetwork/java/javase/downloads/index.html. Unzip the files into the \jre\lib\security subdirectory of your product installation directory.
To configure the On-Premises Connector for Microsoft Dynamics CRM:
1. Set the AuthenticationMethod property to kerberos.
2. Modify the krb5.conf file to contain your Kerberos realm name and the KDC name for that Kerberos realm by editing the file with a text editor. Alternatively, you can specifying the system properties, java.security.krb5.realm and java.security.krb5.kdc. You may need to contact your network administrator for the Kerberos realm name and KDC name.
Note: If using Windows Active Directory, the Kerberos realm name is the Windows domain name and the KDC name is the Windows domain controller name.
For example, if your Kerberos realm name is XYZ.COM and your KDC name is kdc1, your krb5.conf file would look like this:
[libdefaults]
default_realm = XYZ.COM
[realms]
XYZ.COM = {
kdc = kdc1
}
If the krb5.conf file does not contain a valid Kerberos realm and KDC name, the following exception is thrown:
Message:[DataDirect][JDBC Cloud Driver][Microsoft Dynamics CRM]Could not establish a connection using
integrated security: No valid credentials provided
The krb5.conf file loads automatically unless the java.security.krb5.conf system property is set to load another Kerberos configuration file.