Kerberos authentication

Complete the following steps to configure a Kerberos integration as an external authentication source.

Define an external authentication source

1. On the Administration page, go to Console > Authentication: 2FA and SSO.
2. On the Security Console Configuration screen, click the Authentication tab.
3. Under Kerberos Authentication Source Listing, click the Add Kerberos Source button.
4. Click the Enable authentication source checkbox.
5. Click the Default realm checkbox.
6. Enter the name of the Kerberos realm.
7. Enter the name of the key distribution center.
8. Click Save.

The Authentication tab will now list your new Kerberos authentication source.

9. Finally, click Save on the Security Console Configuration screen to finalize your authentication sources.

Create user accounts

With your external authentication source defined, you can now create accounts for your users.

1. On the Administration page, click Users > User Management.
2. Click Add User
3. Complete all fields as required.

For more information about creating user accounts read our Managing users and authentication docs.

Manually setting Kerberos encryption types

You can secure connections to the Kerberos source by specifying ticket encryption types for the connection to use.

1. Using a text editor, create a text file named kerberos.properties.
2. Add the following line to the file:

 
1
default_tkt_enctypes=

3. Append this line with one or more encryption types as desired. Separate multiple types with a space. Example:

 
1
default_tkt_enctypes= aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96

Choose from any of the following encryption types:

• des-cbc-md5
• des-cbc-crc
• des3-cbc-sha1
• rc4-hmac
• arcfour-hmac
• arcfour-hmac-md5
• aes128-cts-hmac-sha1-96
• aes256-cts-hmac-sha1-96
• gssapi
• gss-spnego

4. When finished, save the file in the <install_dir>/nsc/conf directory. The changes will be applied when the Security Console restarts.