Kerberos Authentication Configuration at the Web Server

Policy Server Guides › Policy Design Guide › SiteMinder Kerberos Authentication › How To Configure SiteMinder Kerberos Authentication › Kerberos Authentication Configuration at the Web Server

Kerberos Authentication Configuration at the Web Server

Configuring a Windows or UNIX web server to support Kerberos authentication follows these general steps:

Install a SiteMinder Web Agent with SiteMinder Kerberos Authentication Scheme support.
Register a trusted host with the Policy Server and configure the Web Agent.
Configure a Kerberos configuration file (krb5.ini):
- Configure the KDC for the Kerberos realm (domain).
- Configure krb5.ini to use the keytab file containing the credentials of the web server principal.
- Place krb5.ini in the system root path on Windows and in /etc/krb5/ on UNIX.
Deploy the keytab file (created on the KDC) containing the web server credentials to a secure location on the web server.

Important! If the web server is installed on Windows and the KDC is deployed on UNIX, be sure to perform additional configuration on the web server using the Ksetup utility.

Email CA Technologies about this topic