Configuring Kerberos
The library supports Kerberos authentication.
At user login, when Kerberos is enabled, the library obtains a ticket-granting ticket (TGT) from the key distribution center (configured in the Remote Authentication wizard) and uses the TGT to authenticate the user. Once the user is successfully authenticated, the tape library obtains the permissions information for the user from the LDAP repository or Kerberos server configuration in the LDAP settings.
Table 1 provides the Kerberos configuration settings.
Note: The library Ethernet ports must be configured to use DNS before Kerberos can be enabled. DNS cannot be disabled if Kerberos is being used.
Setting | Kerberos configuration |
---|---|
Realm | Generally the same as your company's domain name. For example, if your company's domain name is example.com, then your Kerberos realm is EXAMPLE.COM. |
KDC (Kerberos server) | The Key Distribution Center server. A KDC server generally has a prefix of Kerberos followed by your Kerberos realm, a colon, and the port number of the Kerberos server. (The library port number for the Kerberos server is 88.) So, if your company's domain name is example.com, a conventional name for your KDC server is kerberos.example.com:88. |
Domain mapping | Optional |