Configure Kerberos provider settings
You can configure the settings of a Kerberos provider to allow the DNS records to locate the Key Distribution Center (KDC), Kerberos realms, and the authentication servers associated with a Kerberos realm. These settings are global to all the users of Kerberos across all the nodes, services, and access zones. Some settings are applicable only to the client-side Kerberos that is relevant when joining a realm or when communicating with an Active Directory KDC. Typically, you do not need to change the settings after the initial configuration.
- In the
Default Realm field, specify the realm to use for the service principal name (SPN). The default realm is the first realm that you create.
- Select a check box to always send pre-authentication. This is a client-side Kerberos configuration setting.
Selecting this check box enables the Kerberos ticket requests to include
ENC_TIMESTAMP as the pre-authentication data even if the authentication server did not request it. This is useful when working with Active Directory servers.
- Select a check box to specify whether to use the DNS server records to locate the KDCs and other servers for a realm, if that information is not listed for the realm.
- Select a check box to specify whether to use the DNS text records to determine the Kerberos realm of a host.