To authenticate user access to a MATLAB® Production Server™ instance, you need to configure Kerberos. To delegate a client’s credential to a next hop web server or a database server that is protected by Kerberos, you need to configure Kerberos Delegation. Configuring Kerberos and Kerberos Delegation requires domain administrator privileges. Currently, you can use Kerberos and Kerberos Delegation with MATLAB Production Server instances running on Windows Server® operating systems with a Windows® Key Distribution Center. To configure Kerberos and Kerberos delegation, consult your IT / Windows System Administrator, and follow these steps:
Set up a service account for the MATLAB Production Server and register a service principal name for MATLAB Production Server service instance.
Configure constrained delegation without protocol transition for the service account.
Configure the local security privilege for the MATLAB Production Server service account.
Enable Kerberos and Kerberos Delegation in the MATLAB
Production Server configuration file (main_config
). For more
information, see http-authentication-method
and client-credential-delegation
.
Only the following MATLAB functions within a deployable archive (.ctf
) support
using Kerberos Delegation:
webread
webwrite
HTTP Interface (MATLAB) functions
Database Toolbox™ functions (requires an ODBC driver)
All other functions within a deployable archive (.ctf
)
are executed using the credential of the MATLAB
Production Server instance.
Option | Requirement |
---|---|
Operating system | Windows Server |
Kerberos Delegation | Constrained delegation without protocol transition |
Key distribution center | Windows Server 2003 or later |
Client |
|
MATLAB Runtime | MATLAB Runtime R2019b or later. |
Deployable archive packaging | MATLAB Compiler SDK™ R2019b or later |
Database server | Microsoft® SQL Server® 2012 or later |
Database driver | Microsoft SQL Server ODBC driver version 11 or later |