Kerberos keytab
What is a Kerberos keytab?
A Kerberos keytab is a file containing encrypted credentials used to enable Kerberos-based authentication for single sign-on functionality.
How is a Kerberos keytab useful?
A Kerberos keytab allows users to authenticate to the BeyondTrust Appliance B Series automatically without manually entering their credentials. This applies to both the /login web interface and the representative console, simplifying access and enhancing security.
How do I access the Kerberos Keytab page?
- Use a Chromium-based browser to sign in to your Remote Support URL.
This URL is provided in the BeyondTrust welcome email and includes your site URL followed by /login. - From the left menu, click Users & Security.
The Users page opens and displays by default. - At the top of the page, click Kerberos Keytab.
The Kerberos Keytab page displays.
How to configure a Kerberos keytab
To integrate Kerberos with your B Series Appliance, you must have a Kerberos implementation either currently deployed or in the process of being deployed. Specific requirements are as follows:
- You must have a working Key Distribution Center (KDC) in place.
- Clocks must be synchronized across all clients, the KDC, and the B Series Appliance. Using a Network Time Protocol server (NTP) is an easy way to ensure this.
- You must have a Service Principal Name (SPN) created on the KDC for your B Series Appliance.
Configured principles
The Configured Principals section lists all of the available SPNs for each uploaded keytab.
Once you have available SPNs, you can configure a Kerberos security provider from the Security Providers page and define which user principals may authenticate to the B Series Appliance via Kerberos.
Import keytab
Choose file
Export the keytab for the SPN from your KDC and upload it to the B Series Appliance.
Note
For more information, see Kerberos single sign-on.
Updated 5 days ago