Configuring Kerberos authentication

To use Kerberos authentication, make sure that the reverse lookup zone in DNS contains a PTR record for the fully qualified domain name (FQDN) of each cluster node, and for the node's URL if the URL is not the same as the FQDN.

To configure Kerberos authentication:

  1. In the application web interface window, select the Settings → Application access → Single Sign-On login section.
  2. Select the Kerberos tab.
  3. Set the Use Kerberos toggle switch to Enabled.
  4. Click the Upload button to upload a previously created keytab file.

    This functionality is available only if the user has the Edit settings permission.

    The keytab file must contain the SPN of the Control node and Secondary nodes.

    The file selection window opens.

  5. Select the keytab file and click Open.
  6. Click Save.

    If the keytab file does not contain the SPN of the Control node or the SPN of one of the Secondary nodes, that node is shown in the Nodes section with the No SPN for Kerberos Single Sign-On status. If no SPN is found for any of the nodes, the Save button cannot be clicked.

Kerberos authentication is configured. Users authenticated in Active Directory can connect to the application web interface using the Single Sign-On technology. Access to application functionality is determined by the permissions of the application user account.

When Kerberos authentication is disabled, the previously uploaded keytab file is deleted.
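
The keytab requirement from step 4 can be checked before upload. The following added example (not part of the application or its documentation) reads the principal names from a keytab in file format 0x0502 and lists the nodes that have no SPN. The `HTTP` service class, the host names and the realm are assumptions; the sample keytab is constructed and holds a dummy all-zero key.

```python
import struct

def _counted(buf, off):
    """Read a uint16 length-prefixed string; return (text, next_offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def keytab_principals(data):
    """Return the set of principals ('service/host@REALM') in a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a keytab in file format 0x0502")
    principals, pos = set(), 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:             # negative length marks a deleted entry (hole): skip it
            pos += -size
            continue
        entry = data[pos:pos + size]
        pos += size
        (count,) = struct.unpack_from(">H", entry, 0)
        realm, off = _counted(entry, 2)
        parts = []
        for _ in range(count):    # name components, e.g. "HTTP" and the host name
            part, off = _counted(entry, off)
            parts.append(part)
        principals.add("/".join(parts) + "@" + realm)
    return principals

def missing_spns(data, node_fqdns, realm, service="HTTP"):
    """Return the nodes whose SPN is absent. service="HTTP" is an assumption."""
    have = keytab_principals(data)
    return [h for h in node_fqdns if f"{service}/{h}@{realm}" not in have]

def _sample_entry(realm, parts):
    """Build one keytab entry with a dummy all-zero key (constructed test data)."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(parts)) + s(realm.encode())
    body += b"".join(s(p.encode()) for p in parts)
    body += struct.pack(">IIBH", 1, 0, 2, 18) + s(bytes(32))  # type, time, kvno, etype
    return struct.pack(">i", len(body)) + body

# Constructed keytab: SPNs for two of three hypothetical nodes, plus one hole.
SAMPLE = (b"\x05\x02" + _sample_entry("EXAMPLE.COM", ["HTTP", "control.example.com"])
          + struct.pack(">i", -8) + bytes(8)
          + _sample_entry("EXAMPLE.COM", ["HTTP", "node1.example.com"]))
NODES = ["control.example.com", "node1.example.com", "node2.example.com"]

if __name__ == "__main__":
    print("nodes without an SPN:", missing_spns(SAMPLE, NODES, "EXAMPLE.COM"))
```

The comparison is an exact, case-sensitive string match, so a node reported here may still be accepted if the application compares names differently.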
