Kerberos protocol support

The Kerberos network protocol provides a simple and secure authentication method for transmitting data through unencrypted networks.

Kaspersky Security can use the Kerberos protocol when interacting with Active Directory and when communicating with a Backup and statistics database running Microsoft SQL Server.

Make sure that the Microsoft SQL Server being used supports the Kerberos protocol.

Be sure to use only secure TLS ciphers when using the Kerberos protocol. List of secure TLS cipher suites. For instructions on how to configure TLS cipher suites, please refer to this article on the Microsoft website.

The Kerberos protocol is supported starting from Kaspersky Security 9.0 for Microsoft Exchange Servers 9.6 Patch 1 and higher. To obtain the installation files and instructions for installing the Update Package, please contact Technical Support.

The Update Package installation process automatically registers the service principal name (SPN) for the user account that is selected for running the application service. SPN registration is a mandatory condition for use of the Kerberos protocol. After installation of the Update Package is complete, check the event log to see if any errors occurred during automatic registration of the SPN. If automatic SPN registration was unsuccessful, you can manually register the SPN. To do so, run the following command in the command line console:
setspn.exe -S KSE/<server_address> <user_account_name>