Configuring unconstrained delegation for CCS

You need to configure unconstrained delegation only if your deployment contains a stand-alone installation of the Directory Server.

See About delegation in Control Compliance Suite.

To configure a service account with unconstrained delegation

  1. Identify the user accounts that you want to use as the service accounts for DSS and Application Server.

  2. Enable delegation for the Application Server's service account. By default, the user is set to Do not trust this user for delegation.

    The following service accounts are to be enabled:

    Windows Server 2003 computer

    In the user properties, go to the Delegation tab and select the option, Trust this user for delegation to any service (Kerberos only).

    Windows Server 2008 computer

    In the user properties, go to Accounts tab and check the option, Account is trusted for delegation.

  3. After the product is installed, configure delegation for the Application Server in the following manner:

    • In the CCS Console, go to Settings > System Topology > Map View or go to Settings > System Topology > Grid View.

    • Select the Application Server component, and right-click on Edit Settings.

    • In the Edit Settings dialog box, select the Application Server > Basic option in the left pane.

    • For the Authentication type option, select Use controlled delegation of security rights in the right pane.

    • Click Save.

  4. Reboot the DSS and the Application Server computer so that the delegation settings can take effect.

See Configuring constrained delegation for CCS.

Imported Document ID: HOWTO75235
Legacy ID: v63772240_v74603629

Thanks for your feedback. Let us know if you have additional comments below. (requires login)

    © 1995-2019 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.