Configuring Kerberos
Use Kerberos if you want extra security with remote authentication. You can configure the Kerberos settings any time after the initial library configuration. Before you can configure Kerberos, you need to generate the service keytab file on your Kerberos/Active Directory® server. For instructions, see Generating the Kerberos Service Keytab File.
Make sure that both the library and the Kerberos/Active Directory server are set to the same time (within 5 minutes). Otherwise, the authentication will fail. It is recommended that you use Network Time Protocol (NTP) to synchronize the time between the library and the Kerberos server. See Setting the Date and Time.
NOTE: This operation should not be performed concurrently by multiple administrators logged in from different locations. You can access the appropriate screens, but you cannot apply changes while another administrator is performing the same operation.
You need administrator privileges to configure Kerberos.
1. From the Setup menu, select User Management > Remote Authentication.
   The Setup - Remote Authentication screen displays.
2. Under Authentication Type, do one of the following:
   - To enable Kerberos, select LDAP with Kerberos and continue with step 3.
   - To disable Kerberos, select LDAP or Local Only and continue with step 6.
   - To modify Kerberos configuration settings, continue with step 3.
3. Type the Kerberos settings into the following Kerberos fields:
   - Realm — The Kerberos realm name, typed in all uppercase letters. Usually the realm name is the DNS domain name.
   - KDC (AD Server) — The key distribution center (in other words, the server on which Kerberos/Active Directory is installed).
   - Domain Mapping — The domain portion of the library’s fully qualified domain name.
4. Upload the service keytab file. This is a file you generate on your Kerberos/Active Directory server. If you have not already generated this file, do so now, and place the file in a known location on your computer. For instructions, see Generating the Kerberos Service Keytab File. Then click the Browse button to upload the file.
5. Configure the LDAP settings as described in Configuring LDAP.
6. Click Apply.
   The Progress Window displays. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:
   - If Success displays in the Progress Window, the LDAP and Kerberos settings were successfully applied. Click Close to close the Progress Window. Do one of the following:
     - If you enabled LDAP or Kerberos, or modified LDAP or Kerberos settings, continue with step 7.
     - If you disabled LDAP or Kerberos, continue with step 8.
   - If Failure displays in the Progress Window, the LDAP settings were not successfully applied. Follow the instructions listed in the Progress Window to resolve any issues that occurred during the operation.
7. To test all the new or changed Kerberos and LDAP settings, enter a user name and password and click Test Settings. The user you use for the test must be a member of both the Library User Group and the Library Admin Group on the LDAP server. You may need to create a special or temporary user specifically for this purpose.
   The Progress Window displays. The Progress Window contains information on the action, elapsed time, and status of the requested operation. Do one of the following:
   - If Success displays in the Progress Window, the LDAP Test was successful. Click Close to close the Progress Window. Continue to the next step.
   - If Failure displays in the Progress Window, the LDAP Test failed. Follow the instructions listed in the Progress Window to resolve any issues that occurred during the operation.
8. Save the library configuration.
   For instructions on how to save the library configuration, see Saving the Configuration.