Kerberos Keytab: Manage the Kerberos Keytab
Kerberos Keytab Management
BeyondTrust supports single sign-on functionality using the Kerberos authentication protocol. This enables users to authenticate to the B Series Appliance without having to enter their credentials. Kerberos authentication applies both to the /login web interface and to the access console.
To integrate Kerberos with your B Series Appliance, you must have a Kerberos implementation either currently deployed or in the process of being deployed. Specific requirements are as follows:
- You must have a working Key Distribution Center (KDC) in place.
- Clocks must be synchronized across all clients, the KDC, and the B Series Appliance. Using a Network Time Protocol (NTP) server is an easy way to ensure this.
- You must have a Service Principal Name (SPN) created on the KDC for your B Series Appliance.
The Configured Principals section lists all of the available SPNs for each uploaded keytab.
Once you have available SPNs, you can configure a Kerberos security provider from the Security Providers page and define which user principals may authenticate to the B Series Appliance via Kerberos.
Export the keytab for the SPN from your KDC and upload it to the B Series Appliance via the Import Keytab section of this page.
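Before uploading, it can help to confirm which SPNs, key version numbers, and encryption types the exported file actually contains. The following is an added example, not BeyondTrust code: it assumes the export is in the MIT keytab file format, version 0x0502, and the function names and sample principal are hypothetical.

```python
import struct

# Enctype numbers from the IANA Kerberos registry; DES and RC4 are deprecated.
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
DEPRECATED = {1, 3, 23}

def counted(buf, pos):
    """Read a 16-bit length-prefixed octet string; return (bytes, next_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if pos + 2 + n > len(buf):
        raise ValueError("truncated keytab entry")
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def list_keytab(data):
    """List principal, kvno and enctype for each entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted slot
            pos += -size
            continue
        entry, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        names, p = [], 2
        for _ in range(ncomp + 1):         # realm first, then the name components
            name, p = counted(entry, p)
            names.append(name.decode())
        _ntype, _time, kvno, etype = struct.unpack_from(">IIBH", entry, p)
        _key, p = counted(entry, p + 11)   # key bytes are read but never returned
        if len(entry) - p >= 4:            # optional 32-bit kvno after the key
            kvno = struct.unpack_from(">I", entry, p)[0] or kvno
        out.append({"principal": "/".join(names[1:]) + "@" + names[0],
                    "kvno": kvno, "enctype": ENCTYPES.get(etype, str(etype)),
                    "deprecated": etype in DEPRECATED})
    return out

def build_entry(spn, realm, kvno, etype, key):
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", spn.count("/") + 1) + s(realm.encode())
    body += b"".join(s(c.encode()) for c in spn.split("/"))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, etype) + s(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample (all-zero dummy keys, hypothetical SPN), not a real export.
SAMPLE = (b"\x05\x02" + build_entry("HTTP/appliance.example.com", "EXAMPLE.COM", 3, 18, bytes(32))
          + build_entry("HTTP/appliance.example.com", "EXAMPLE.COM", 3, 23, bytes(16)))
```

For a real export, pass the file's bytes, for example `list_keytab(open(path, "rb").read())`, and compare the principals with the SPN created on the KDC.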