Kerberos Authentication Configuration at the Policy Server

Policy Server Guides › Policy Design Guide › SiteMinder Kerberos Authentication › How To Configure SiteMinder Kerberos Authentication › Kerberos Authentication Configuration at the Policy Server

Kerberos Authentication Configuration at the Policy Server

In addition to the standard Policy Server configuration, Kerberos authentication requires the following steps:

Add these three parameters to the Agent Configuration Object:

Parameter	Value
KCCExt	.kcc
HttpServicePrincipal	Specifies the web server principal name. Example: HTTP/win2k3iis6.test.com@TEST.COM
SmpsServicePrincipal	Specifies the Policy Server principal name. Example: smps/win2kps.test.com@TEST.COM

Parameter

Value

KCCExt

.kcc

HttpServicePrincipal

Specifies the web server principal name.

Example: HTTP/win2k3iis6.test.com@TEST.COM

SmpsServicePrincipal

Specifies the Policy Server principal name.

Example: smps/win2kps.test.com@TEST.COM

Configure a Kerberos configuration file (krb5.ini) and place it in the system root path on Windows and in /etc/krb5/ on UNIX.
Deploy the keytab file created on the KDC that contains the Policy Server principal credentials to a secure location on the Policy Server.

Important! If the Policy Server is installed on Windows and the KDC is deployed on UNIX, be sure to perform the additional configuration on the Policy Server host using the Ksetup utility.

More information:

Kerberos Configuration at the Policy Server on Windows Example

Kerberos Configuration at the Policy Server on UNIX Example

Email CA Technologies about this topic