Configuring Kerberos authentication
December 13, 2023
You can create one keytab file and add to it the SPNs of all servers that have the application installed. This will enable users to complete authentication using their own domain accounts on all cluster nodes.
To configure Kerberos authentication on the proxy server:
- In the application web interface, select the Settings → Built-in proxy server → Authentication section.
- In the Kerberos field, click the Set up link.
The Kerberos authentication settings window opens.
- Set the toggle switch to Enabled.
- Click Upload to upload a keytab file.
If a keytab file was previously uploaded, to replace it you must click Replace.
The file selection window opens.
- Select the file and click Open.
The keytab file will be uploaded.
- If you want to check authentication requests for duplicates, turn on the Use replay cache toggle switch.
Replay cache provides more reliable protection, but may reduce the performance of the application.
- Click Save.
If you changed the position of the Enabled or Use replay cache toggle switch, the proxy server will be restarted when the changes are saved. Traffic processing will be paused before the restart completes.
Kerberos authentication will be configured. The proxy server will process requests only from those users who complete the authentication procedure.