Network Setup Examples
Network Setup Example 1: Kerberos KDC
For this example:
- The BeyondTrust Appliance may or may not be located behind a corporate firewall.
- Representatives may or may not be on the same network as the BeyondTrust Appliance.
- Representatives are members of a Kerberos realm.
- Representatives can communicate with their KDC (typically over port 88 UDP).
- On the Kerberos KDC, register an SPN for your BeyondTrust Appliance hostname and then export the keytab for this SPN from your KDC.
- Log in to your BeyondTrust Appliance's /login interface.
- Go to Users & Security > Kerberos Keytab.
- Under Import Keytab, browse to the exported keytab and then click Upload. You should now see this SPN under the list of Configured Principals.
- Go to Users & Security > Security Providers. From the dropdown, select Kerberos. Then click Create Provider.
- Create a unique name to help identify this provider.
- Be sure to check the Enabled box.
- Choose whether to synchronize display names.
- Optionally, choose to remove the REALM portion from the User Principal Name when constructing the BeyondTrust username.
- For User Handling Mode, select Allow all users.
- For SPN Handling Mode, leave the box unchecked in order to allow all SPNs.
- You may also select a default group policy for users who authenticate against this Kerberos server.
- Click Save Changes to save this security provider configuration.
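Before uploading the keytab exported in the steps above, it helps to confirm that it contains the SPN you registered, no other principals, and no deprecated key types. The following is an added example, not BeyondTrust code, and goes slightly beyond the steps by flagging weak encryption types. It assumes an MIT-format (version 0x0502) keytab; the SPN and the all-zero sample keys are constructed.

```python
import struct

# Kerberos etype numbers (IANA) deprecated by RFC 6649 (DES) and RFC 8429 (3DES, RC4).
WEAK = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 16: "des3-cbc-sha1", 23: "rc4-hmac"}

def parse_keytab(data):
    """Return [(principal, kvno, etype)] from an MIT-format (version 0x0502) keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        p, pos = pos + 4, pos + 4 + abs(size)   # p walks this entry, pos is the next one
        if pos > len(data):
            raise ValueError("truncated keytab entry")
        if size <= 0:                           # negative size marks a deleted entry (hole)
            continue
        def counted():                          # 16-bit length followed by that many bytes
            nonlocal p
            (n,) = struct.unpack_from(">H", data, p)
            p += 2 + n
            return data[p - n:p].decode()
        (ncomp,) = struct.unpack_from(">H", data, p)
        p += 2
        realm = counted()
        name = "/".join(counted() for _ in range(ncomp))
        kvno = data[p + 8]                      # after 4-byte name type and 4-byte timestamp
        etype, keylen = struct.unpack_from(">HH", data, p + 9)
        p += 13 + keylen
        if pos - p >= 4:                        # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append((f"{name}@{realm}", kvno, etype))
    return entries

def check_keytab(data, spn):                    # summary of what the upload would contain
    entries = parse_keytab(data)
    return {"spn_present": any(e[0] == spn for e in entries),
            "other_principals": sorted({e[0] for e in entries} - {spn}),
            "weak_etypes": sorted({WEAK[e[2]] for e in entries if e[0] == spn and e[2] in WEAK})}

def build_entry(principal, kvno, etype, key):   # builds constructed sample data only
    name, realm = principal.split("@")
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = (struct.pack(">H", name.count("/") + 1) + cs(realm) + b"".join(map(cs, name.split("/")))
            + struct.pack(">IIBHH", 1, 0, kvno & 0xFF, etype, len(key)) + key + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

SPN = "HTTP/access.example.com@EXAMPLE.COM"     # constructed; use the SPN you registered
SAMPLE = b"\x05\x02" + build_entry(SPN, 3, 18, bytes(32)) + build_entry(SPN, 3, 23, bytes(16))
```

For the constructed sample, `check_keytab(SAMPLE, SPN)` reports the SPN as present with an `rc4-hmac` key alongside the AES one, which is the cue to re-export with AES-only keys if your KDC allows it.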