6.2 Create Kerberos Authentication Module

The Kerberos Authentication Module identifies the names of the key tab file and the krb5 configuration file, and the Principal. This plug-in is used when configuring Access Manager for Windows Native Authentication. Use the Create Kerberos Authentication Module page to create a new Kerberos Authentication Module.

The following table describes the elements in the Create Kerberos Authentication Module page:

Element Description

Name

Type a unique ID for this module. You can include uppercase and lowercase alphabetic characters as well as numbers and spaces.

Key Tab File

Provide the path to the encrypted, local, on-disk copy of the host's key, required to authenticate to the key distribution center (KDC).

For example: /etc/krb5.keytab

The KDC authenticates the requesting user and confirms that the user is authorized for access to the requested service. If the authenticated user meets all prescribed conditions, the KDC issues a ticket permitting access based on a server key. The client receives the ticket and submits it to the appropriate server. The server can verify the submitted ticket and grant access to the user submitting it.

Note: The key tab file should be readable only by root, and should exist only on the machine's local disk. It should not be part of any backup, unless access to the backup data is secured as tightly as access to the machine's root password itself.

Principal

Provide the HTTP host for the principal in the Kerberos database, which enables generation of a key tab for a host.

KRB Config File

Provide a path to the configuration file that controls certain aspects of the Kerberos installation. A krb5.conf file must exist in the /etc directory on each UNIX node that is running Kerberos.

krb5.conf contains configuration information required by the Kerberos V5 library (the default Kerberos realm and the location of the Kerberos key distribution centers for known realms).

Apply

Click Apply to submit this Kerberos Authentication Module.
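The Key Tab File note and the KRB Config File description above translate into two checks that can be run on the host before the paths are entered on this page. The shell functions below are an added example, not Oracle code; the function names and the optional expected-owner argument (useful when the service does not run as root) are assumptions of the example.

```shell
#!/bin/sh
# Added example, not Oracle code. Function names and the optional
# expected-owner argument are assumptions of this example.

# check_keytab PATH [EXPECTED_UID]
# Succeeds only if PATH is a regular file (not a symlink) owned by
# EXPECTED_UID (default 0, root) with no group or other permission bits.
check_keytab() {
    kt=$1
    want_uid=${2:-0}
    [ -e "$kt" ] || { echo "missing: $kt" >&2; return 1; }
    # ls -ldn: field 1 is the mode string, field 3 the numeric owner.
    mode=$(ls -ldn "$kt" | awk '{print $1}')
    uid=$(ls -ldn "$kt" | awk '{print $3}')
    case $mode in
        -???------*) ;;  # regular file, group/other bits all clear
        *) echo "unsafe mode $mode on $kt" >&2; return 1 ;;
    esac
    [ "$uid" = "$want_uid" ] || {
        echo "owner uid $uid on $kt, expected $want_uid" >&2; return 1; }
    return 0
}

# krb5_default_realm PATH
# Prints default_realm from the [libdefaults] section; fails if it is absent.
krb5_default_realm() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Usage: sh check.sh /etc/krb5.keytab /etc/krb5.conf
if [ "$#" -ge 2 ]; then
    check_keytab "$1" && krb5_default_realm "$2"
fi
```

A key tab that is group- or world-readable, reached through a symlink, or owned by an unexpected account fails the first check; a krb5.conf without a default realm in [libdefaults] fails the second.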

Related Topics

Managing Authentication and Shared Policy Components in Administrator's Guide for Oracle Access Management.