- Password-based authorization
- Domain-based authorization with the delegation ability
- Limited domain-based authorization
Active Directory* Setup
- Log in on the domain controller under the administrator account.
- Enable the delegation for cluster nodes:
- Go toAdministrative Tools.
- In theActive Directory Users and Computersadministrative utility open theComputerslist.
- Right click on a desired computer object and selectProperties.
- If the account is located:
- in a Windows 2000 functional level domain, check theTrust computer for delegationoption;
- in a Windows 2003 or newer functional level domain, select theDelegationtab and check theTrust this computer for delegation to any service (Kerberos only)option.
- Enable the delegation for users:
- In theActive Directory Users and Computersadministrative utility open theUserslist.
- Right click on a desired user object and selectProperties.
- Select theAccounttab and disable theAccount is sensitive and cannot be delegatedoption.
- Register service principal name (SPN) for cluster nodes. Use one of the following methods for registering SPN:
- Use the Microsoft*-providedsetspn.exeutility. For example, execute the following command on the domain controller:> setspn.exe -A impi_hydra/<host>:<port>/impi_hydra<host>where:
- <host>is the cluster node name.
- <port>is the Hydra port. The default value is8679. Change this number only if your hydra service uses the non-default port.
- Log into each desired node under the administrator account and execute the command:> hydra_service -register_spn
> klist purge