Kerberos Keytab: Manage the Kerberos Keytab

Users & Security

Kerberos Keytab

Kerberos Keytab Management

BeyondTrust supports single sign-on functionality using the Kerberos authentication protocol. This enables users to authenticate to the B Series Appliance without having to enter their credentials. Kerberos authentication applies both to the /login web interface and to the access console.

To integrate Kerberos with your B Series Appliance, you must have a Kerberos implementation either currently deployed or in the process of being deployed. Specific requirements are as follows:

  • You must have a working Key Distribution Center (KDC) in place.
  • Clocks must be synchronized across all clients, the KDC, and the B Series Appliance. Using a Network Time Protocol server (NTP) is an easy way to ensure this.
  • You must have a Service Principal Name (SPN) created on the KDC for your B Series Appliance.

Configured Principles

The Configured Principals section lists all of the available SPNs for each uploaded keytab.

Once you have available SPNs, you can configure a Kerberos security provider from the Security Providers page and define which user principals may authenticate to the B Series Appliance via Kerberos.

Import Keytab

UploadChoose File

Export the keytab for the SPN from your KDC and upload it to the B Series Appliance via the Import Keytab section of this page.