Google Search Appliance Managing Search for Controlled-Access Content User Manual
After you complete these steps, recrawl the affected content sources. The search appliance is then able
to check a user’s authentication status without requiring an additional login.
A verified identity from Kerberos authentication can be used for authorization. The following
authorization mechanisms can use the verified identity from Kerberos authentication:
• Policy ACLs
• SAML authorization SPI
• Connectors
If your content sources support these authorization mechanisms, then the content sources are not
required to support Kerberos, and delegation is not required.
Enrolling the Search Appliance in the KDC Domain and Creating a Keytab File
The process for creating a user for your Key Distribution Center depends on the type of domain
controller that you are using. This guide provides instructions for installing the search appliance on a
Windows domain (RC4 and DES encryption).
Instructions for Microsoft Windows 2003, 2008, XP, and 7 (RC4 Encryption)
In the following instructions, you configure the search appliance as a user in Active Directory, then
create a keytab file. The search appliance password in Active Directory must match the password in the
keytab file.
To configure Windows:
1. Log in to the Windows server that acts as the domain controller on your network.
2. Use the Active Directory Management wizard to create a new object-user account for the search appliance by entering the following information:
   • First Name and User Logon Name (the first name and login can be anything that helps you identify the search appliance account, for example “gsa_account”)
   • Password
3. Open the properties for the user. Use the Account tab for the search appliance account to modify and apply the following properties:
   • Select the domain that you want to use from the drop-down box. Typically, there is only one domain listed.
   • If the Use DES encryption types for this account checkbox is selected, clear the checkbox.
   • Clear any other checkboxes under account properties.
   • If permitted by your security policies, set Password never expires.
4. Open a command prompt.