Before you can use the Mobile SSO for iOS authentication method, you must initialize the Key Distribution Center (KDC) in the VMware Identity Manager appliance.

To initialize the KDC, you assign your identity manager hostname to the Kerberos realms. Enter the realm's domain name in upper-case letters. If you are configuring multiple Kerberos realms, use descriptive names that end with your identity manager domain name to help identify each realm. For example, SALES.MY-IDENTITYMANAGER.EXAMPLE.COM. If you configure subdomains, type the subdomain name in lower-case letters.

Prerequisites

VMware Identity Manager is installed and configured.

Realm name identified. See Using the Built-in KDC.

Procedure

  1. SSH into the VMware Identity Manager appliance as the root user.
  2. Initialize the KDC. Enter /etc/init.d/vmware-kdc init --realm {REALM.COM} --subdomain {sva-name.subdomain}.
    For example, /etc/init.d/vmware-kdc init --realm MY-IDM.EXAMPLE.COM --subdomain my-idm.example.com
    If you are using a load balancer with multiple identity manager appliances, use the name of the load balancer in both cases.
  3. Restart the VMware Identity Manager service. Enter service horizon-workspace restart.
  4. Start the KDC service. Enter service vmware-kdc restart.
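
The following pre-flight check is an added example, not part of the original procedure or VMware's tooling. It validates the realm and subdomain against the naming rules above and prints the commands from steps 2 to 4 without running them. The function names are hypothetical, and it assumes the --subdomain value is the identity manager host name, as in the example in step 2.

```shell
#!/bin/sh
# Added example, not VMware code. Function names are hypothetical.
# Assumption: the --subdomain value is the identity manager host name,
# as in the page's own example.

# Returns 0 when both names follow the conventions described above.
check_kdc_names() {
    realm=$1
    subdomain=$2
    if [ -z "$realm" ] || [ -z "$subdomain" ]; then
        echo "usage: check_kdc_names REALM subdomain" >&2; return 2
    fi
    upper_sub=$(printf '%s' "$subdomain" | tr '[:lower:]' '[:upper:]')
    # Realm must be upper-case, subdomain lower-case.
    if [ "$realm" != "$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')" ]; then
        echo "realm must be upper-case: $realm" >&2; return 3
    fi
    if [ "$subdomain" != "$(printf '%s' "$subdomain" | tr '[:upper:]' '[:lower:]')" ]; then
        echo "subdomain must be lower-case: $subdomain" >&2; return 4
    fi
    # Host name characters only, so the values are safe on a root command line.
    case "$realm$subdomain" in
        *[!A-Za-z0-9.-]*) echo "unexpected character in name" >&2; return 6 ;;
    esac
    # Realm is the domain name itself or a descriptive name ending with it.
    case "$realm" in
        "$upper_sub" | *."$upper_sub") return 0 ;;
        *) echo "realm must end with $upper_sub" >&2; return 5 ;;
    esac
}

# Prints the commands from steps 2 to 4 in order; it does not run them.
kdc_init_plan() {
    check_kdc_names "$1" "$2" || return $?
    printf '%s\n' \
        "/etc/init.d/vmware-kdc init --realm $1 --subdomain $2" \
        "service horizon-workspace restart" \
        "service vmware-kdc restart"
}

kdc_init_plan MY-IDM.EXAMPLE.COM my-idm.example.com
```

A non-zero return code identifies which rule failed, so the check can gate the init command in a provisioning script.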

What to do next

Create public DNS entries. DNS records must be provisioned to allow the clients to find the KDC. See Creating Public DNS Entries for KDC with Built-in Kerberos.