Create an MIT Kerberos realm, domain, and a provider

You can create an MIT Kerberos realm, domain, and a provider through a single workflow instead of configuring each of these objects individually.

Procedure

  1. Click Access > Authentication Providers > Kerberos Provider.
  2. Click Get Started.
    The system displays the Create a Kerberos Realm and Provider window.
  3. From the Create Realm section, type a domain name in the Realm Name field.
    It is recommended that the domain name is formatted in uppercase characters, such as CLUSTER-NAME.COMPANY.COM.
  4. Check the Set as the default realm box to set the realm as the default.
  5. In the Key Distribution Centers (KDCs) field, add one or more KDCs by specifying the IPv4 address, IPv6 address, or the hostname of each server.
  6. In the Admin Server field, specify the IPv4 address, IPv6 address, or hostname of the administration server, which will be fulfill the role of master KDC. If you omit this step, the first KDC that you added previously is used as the default admin server.
  7. In the Default Domain field, specify the domain name to use for translating the service principal names (SPNs).
  8. Optional: From the Create Domain(s) section, specify one or more domain names to associate with the realm in the Domain(s) field.
  9. From the Authenticate to Realm section, type the name and password of a user that has permission to create SPNs in the Kerberos realm in the User and Password fields.
  10. From the Create Provider section, select the groupnet the authentication provider will reference from the Groupnet list.
  11. From the Service Principal Name (SPN) Management area, select one of the following options to be used for managing SPNs:
    • Use recommended SPNs
    • Manually associate SPNs

      If you select this option, type at least one SPN in the format service/principal@realm to manually associate it with the realm.

  12. Click Create Provider and Join Realm.