AWS Database Blog | 8 min read
Enable self-managed AD Kerberos authentication with Amazon RDS for Db2
Step-by-step guide for configuring Kerberos authentication on Amazon RDS for Db2 using a self-managed Active Directory. Covers creating a dedicated OU and service account, delegating nine specific AD permissions (including the non-obvious use of ADSI Edit for servicePrincipalName on User objects), storing credentials in a KMS-encrypted Secrets Manager secret, and validating the setup from a domain-joined Amazon Linux 2023 EC2 client. Also addresses networking requirements (DNS, Kerberos, LDAP, RPC dynamic ports) and common pitfalls like incorrect object scoping and username format in Secrets Manager.