To change the realm after the initial configuration, you must add the new realm name and reinitialize the KDC service.

To initialize KDC, you assign your identity manager hostname to the Kerberos realms. The domain name is entered in upper-case letters. If you are configuring multiple Kerberos realms, to help identify the realm, use descriptive names that end with your identity manager domain name. For example, SALES.MY-IDENTITYMANAGER.EXAMPLE.COM. If you configure subdomains, type the subdomain name in lower-case letters.

Procedure

  1. SSH into the VMware Identity Manager appliance as the root user.
  2. Initialize the KDC. Enter /etc/init.d/vmware-kdc init --realm {REALM.COM} --subdomain {sva-name.subdomain} --force.
    For example, /etc/init.d/vmware-kdc init --realm MY-IDM.EXAMPLE.COM --subdomain my-idm.example.com --force
    If you are using a load balancer with multiple identity manager appliances, use the name of the load balancer in both cases.
  3. Restart the VMware Identity Manager service. Enter service horizon-workspace restart.
  4. Start the KDC service. Enter service vmware-kdc restart.

Results

The realm name is updated in the iOS KdcKerberosAuthAdapter authentication method configuration page.