Administration Guide › Configure SPS to Support Integrated Windows Authentication › Configure SPS to Support Integrated Windows Authentication › Kerberos Authentication Schemes › Configure Kerberos Authentication › Configure Policy Server

Configure Policy Server

Perform the following steps in addition to the standard Policy Server configuration:

1. Open the ACO of the agent you want to configure and perform the following steps:
   1. Add the value .kcc to the KCCExt parameter.
   2. Add the value web server principal name to the HttpServicePrincipal parameter.

      Example: HTTP/win2k8sps.test.com@TEST.COM

   3. Add the Policy Server principal name to the SmpsServicePrincipal parameter.

      Example: smps@winps.test.com

2. Configure a Kerberos configuration file, krb5.ini and perform one of the following steps:
   • On Windows, place the krb5.ini file in the system root path.
   • On UNIX, place the krb5.ini file in the /etc/krb5/ path.
3. Deploy the keytab file created on KDC that contains the Policy Server principal credentials to a secure location on the Policy Server.

Important! If the Policy Server is installed on Windows and KDC is deployed on UNIX, ensure that you perform the additional configuration on the Policy Server host using the Ksetup utility.