Network Setup Examples

Network Setup Example 1: Kerberos KDC

For this example:

  • The Secure Remote Access Appliance may or may not be located behind a corporate firewall.
  • Representatives may or may not be on the same network as the Secure Remote Access Appliance.
  • Representatives belong as members to a Kerberos realm.
  • Representatives can communicate with their KDC (typically over port 88 UDP).

Network Setup Example 1: Kerberos KDC



  1. On the Kerberos KDC, register an SPN for your Secure Remote Access Appliance hostname and then export the keytab for this SPN from your KDC.
  1. Log into your Secure Remote Access Appliance's /login interface.

Users & Security > Kerberos Keytab
Kerberos Keytab

  1. Go to Users & Security > Kerberos Keytab.
  2. Under Import Keytab, browse to the exported keytab and then click Upload. You should now see this SPN under the list of Configured Principals.


Users & Security > Security Providers
Security Provider Configuration Page

  1. Go to Users & Security > Security Providers. From the dropdown, select Kerberos. Then click Create Provider.
  2. Create a unique name to help identify this provider.
  3. Be sure to check the Enabled box.
  4. Choose if you want to synchronize display names.
  5. Optionally, select to remove the REALM portion from the User Principal Name when constructing the BeyondTrust username.
  1. For User Handling Mode, select Allow all users.
  2. For SPN Handling Mode, leave the box unchecked in order to allow all SPNs.
  1. You may also select a default group policy for users who authenticate against this Kerberos server.
  2. Click Save Changes to save this security provider configuration.