8.1 Kerberos Authentication

The User Source Settings panel lets you search for and select a keytab file used for Kerberos authentication. All Kerberos server machines need a keytab file to authenticate to the Key Distribution Center (KDC). The keytab file is an encrypted, local, on-disk copy of the host's key.

Before you can import the keytab file, you must set up a Kerberos service principal account and generate a keytab file for that account. For more information, see Kerberos (Active Directory or Domain Services for Windows).

To import the keytab file, click Browse icon to search for the file, then click OK.

After importing the keytab file, you can enable Kerberos authentication while adding a user source. To do so, click the Configuration tab, then click New in the User Sources panel to launch the Create New User Source Wizard. You can also enable Kerberos authentication on an existing user source. To do so, click the Configuration tab, click the user source, then click Edit next to Authentication Mechanisms in the General section.