When an administrative user selects the Config-Authentication menu option and selects Kerberos from the Authentication Type pull-down menu, additional fields appear on the Config-Authentication screen for configuring the Kerberos server.

If the Kerberos authentication server (which is also referred to as a Key Distribution Center, or KDC) has previously been configured in either of the authentication configuration screens, the fields are filled in with the previously-configured values.

Before configuring a Kerberos server, the administrative user must obtain the needed information from the server’s administrator. The administrative user enters the information in the Kerberos Realm Domain Name and the Kerberos Server IP address fields, which display when the Kerberos authentication type is selected.

CAUTION: The Kerberos KDC rejects tickets when the timestamp on an authentication request from a host is not within the maximum clock skew time specified in the KDC’s kdc.conf file. Therefore, it is essential for the time on the OnBoard appliance to be synchronized with the time on the KDC.

Also, work with the Kerberos server’s administrator to ensure that the following types of accounts are set up on the Kerberos server and that the administrators of the OnBoard appliance and connected devices know the passwords assigned to the accounts:
• If Kerberos authentication is specified for the OnBoard appliance, accounts for all users who need to log into the OnBoard appliance to administer connected devices
• Configure an authentication server when the OnBoard appliance or any of its connected devices is configured to use the Kerberos authentication method or any of its variations (Kerberos, Local / Kerberos, Kerberos/Local or Kerberos Down/Local).
2. Make sure entries for the OnBoard appliance and the Kerberos server exist in the OnBoard appliance’s /etc/hosts file.
a.
3. Make sure that the timezone, time and date settings are synchronized between the OnBoard appliance and the Kerberos server. NOTE: Kerberos authentication depends on time synchronization. Time and date synchronization is most easily achieved by setting both the OnBoard appliance and the Kerberos server to use the same NTP server.
a. Follow the procedure under Configuring system date and time to set the timezone, date and time.
b. Work with the authentication server’s administrator to synchronize the time and date between the OnBoard appliance and the server.
4.
5. Select Kerberos from the Authentication Type pull-down menu. The Kerberos configuration fields display.
8. Click Save and apply changes.
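
The checks behind steps 2 and 3, as an added example that is not part of the original manual: it confirms that a hosts file has active entries for both the appliance and the Kerberos server, and that two clock readings fall within a maximum skew. The host names, addresses, epoch values and the 300-second limit (the MIT Kerberos default) are assumptions; how the KDC's clock reading is obtained is left to the administrator.

```sh
#!/bin/sh
# Added example. Host names, addresses and epoch values are constructed samples.

# hosts_has_entry FILE NAME: succeed if NAME is a host name or alias on a
# non-comment line of FILE (step 2: entries for the appliance and the KDC).
hosts_has_entry() {
    awk -v name="$2" '
        { sub(/#.*/, "") }      # drop comments so disabled entries do not count
        NF >= 2 { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# skew_ok LOCAL_EPOCH KDC_EPOCH MAX_SECONDS: succeed if the two clocks differ
# by at most MAX_SECONDS (step 3: time synchronization).
skew_ok() {
    diff=$(( $1 - $2 ))
    if [ "$diff" -lt 0 ]; then diff=$(( 0 - diff )); fi
    [ "$diff" -le "$3" ]
}

# preflight FILE APPLIANCE KDC LOCAL_EPOCH KDC_EPOCH MAX_SECONDS
# Reports every failed check on stderr; returns 0 only if all pass.
preflight() {
    rc=0
    for h in "$2" "$3"; do
        if ! hosts_has_entry "$1" "$h"; then
            echo "no hosts entry for $h" >&2; rc=1
        fi
    done
    if ! skew_ok "$4" "$5" "$6"; then
        echo "clock skew exceeds $6 s; the KDC would reject requests" >&2; rc=1
    fi
    return "$rc"
}

# Constructed sample: the KDC entry is commented out, so it must be reported.
SAMPLE_HOSTS=$(mktemp)
trap 'rm -f "$SAMPLE_HOSTS"' EXIT
cat > "$SAMPLE_HOSTS" <<'EOF'
127.0.0.1   localhost
192.0.2.10  onboard.example.com onboard
# 192.0.2.20  kdc.example.com kdc
EOF

MAX_SKEW=300   # assumed limit (MIT Kerberos default); use the KDC's real value
preflight "$SAMPLE_HOSTS" onboard.example.com kdc.example.com \
    1700000000 1700000420 "$MAX_SKEW" || echo "pre-flight failed"
```

With the sample data both checks fail: the KDC entry is commented out and the two readings are 420 seconds apart.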