Configuring Kerberos authentication

To use Kerberos authentication, make sure that a PTR entry is present in the DNS system in reverse lookup zones for the fully qualified domain name (FQDN) and URL (if the URL is different from the FQDN) of each cluster node.

To configure Kerberos authentication:

1. In the application web interface window, select the Settings → Application access → SSO login section.
2. Select the Kerberos tab.
3. Set the Use Kerberos toggle switch to Enabled.
4. Click the Upload button to upload a previously created keytab file.

   This functionality is available only if the user has the Edit settings permission.

   The keytab file must contain the SPN of the Control node and Secondary nodes.

   The file selection window opens.

5. Select the keytab file and click Open.
6. Click Save.

   If the keytab file is found to not contain the SPN of the Control node or an SPN of any of the Secondary nodes, in the Nodes section that node has the No SPN for Kerberos Single Sign-On status. If no SPN is found for any of the nodes, the Save button cannot be clicked.

Kerberos authentication is configured. Users authenticated in Active Directory can connect to the application web interface using the Single Sign-On technology. Access to application functionality is determined by the permissions of the application user account.

When Kerberos authentication is disabled, the previously uploaded keytab file is deleted.

Page top