Using the Web Manager : Configuring Authentication : Configuring a Kerberos authentication server

Configuring a Kerberos authentication server
When an administrative user selects the Config-Authentication menu option and selects Kerberos from the Authentication Type pull-down menu, additional fields appear on the Config‑Authentication screen for configuring the Kerberos server.
If the Kerberos authentication server (which is also referred to as a Key Distribution Center, or KDC) has previously been configured in either of the authentication configuration screens, the fields are filled in with the previously-configured values.
Before configuring a Kerberos server, the administrative user must obtain the needed information from the server’s administrator. The administrative user enters the information in the Kerberos Realm Domain Name and the Kerberos Server IP address, which display when the Kerberos authentication type is selected.
CAUTION:The Kerberos KDC rejects tickets when the timestamp on an authentication request from a host is not within the maximum clock skew time specified in the KDC’s hdc.conf file. Therefore, it is essential for the time on the OnBoard appliance to be synchronized with the time on the KDC.
Also, work with the Kerberos server’s administrator to ensure that following types of accounts are set up on the Kerberos server and that the administrators of the OnBoard appliance and connected devices know the passwords assigned to the accounts:
If Kerberos authentication is specified for the OnBoard appliance, accounts for all users who need to log into the OnBoard appliance to administer connected devices
Configure an authentication server when the OnBoard appliance or any of its connected devices is configured to use the Kerberos authentication method or any of its variations (Kerberos, Local / Kerberos, Kerberos/Local or Kerberos Down/Local).
To configure a Kerberos authentication server:
1.
2.
a.
Select the Network-Host Table menu option. The Host Table form appears.
b.
3.
NOTE: Kerberos authentication depends on time synchronization. Time and date synchronization is most easily achieved by setting both the OnBoard appliance and the Kerberos server to use the same NTP server.
a.
b.
4.
Select the Config-Authentication menu option.
5.
Select Kerberos from the Authentication Type pull-down menu. The Kerberos configuration fields display.
6.
7.
8.
Click Save and apply changes.