A Kerberos server profile enables users to natively authenticate to an Active Directory domain controller or a Kerberos V5-compliant authentication server. This authentication method is interactive, requiring users to enter usernames and passwords, in contrast with Kerberos single sign-on (SSO), which involves transparent authentication.
To use a Kerberos server for authentication, the server must be accessible over an IPv4 address. IPv6 addresses are not supported.
Configure a Kerberos Server Profile
1. Add a Kerberos server profile.
   a. Select Device > Server Profiles > Kerberos and click Add.
   b. Enter a Profile Name to identify the server profile.
   c. For a firewall with more than one virtual system (vsys), select the Location (vsys or Shared) where the profile is available.
   d. For each Kerberos server, click Add and enter a Name (to identify the server), server IPv4 address or FQDN (Kerberos Server field), and an optional Port number for communication with the server (default 88).
      If you use an FQDN address object to identify the server and you subsequently change the address, you must commit the change for the new server address to take effect.
   e. Click OK.
2. Implement the Kerberos server profile.
   a. Assign the Kerberos server profile to an authentication profile or sequence.
   b. Test a Kerberos Authentication Profile to verify that the firewall or Panorama can connect to the Kerberos server.
   c. Assign the authentication profile or sequence to an administrator account or to a firewall service for end users.
   d. Commit your changes.
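Before entering a value in the Kerberos Server field, it can help to confirm that it maps to an IPv4 address and that the port answers. The following pre-flight check is an added example, not part of the product or its documentation. The function names are hypothetical, it assumes the server accepts TCP connections on the configured port, and it runs from an administrator workstation rather than from the firewall, so it does not replace the authentication profile test in the procedure above.

```python
import ipaddress
import socket

DEFAULT_KDC_PORT = 88  # default port stated in the procedure above


def ipv4_targets(server, resolve=socket.getaddrinfo):
    """Return the IPv4 addresses a Kerberos Server field value maps to.

    Raises ValueError for an IPv6 literal or an FQDN without an A record,
    because the server must be accessible over an IPv4 address.
    """
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        addr = None  # not an IP literal, so treat the value as an FQDN
    if addr is not None:
        if addr.version != 4:
            raise ValueError(f"{server}: IPv6 address, not supported")
        return [str(addr)]
    try:
        # Ask only for IPv4 results; AAAA-only names fail here.
        infos = resolve(server, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        raise ValueError(f"{server}: no IPv4 (A) record: {exc}") from exc
    found = sorted({info[4][0] for info in infos})
    if not found:
        raise ValueError(f"{server}: no IPv4 (A) record")
    return found


def tcp_reachable(ip, port=DEFAULT_KDC_PORT, timeout=3.0):
    """True if a TCP connection to ip:port succeeds within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(server, port=DEFAULT_KDC_PORT, resolve=socket.getaddrinfo):
    """Map each IPv4 address of the server to its TCP reachability."""
    return {ip: tcp_reachable(ip, port) for ip in ipv4_targets(server, resolve)}


if __name__ == "__main__":
    import sys
    # Usage: python kdc_preflight.py <ipv4-or-fqdn> [port]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else DEFAULT_KDC_PORT
    print(preflight(sys.argv[1], port))
```

A `False` result from the workstation does not prove the firewall cannot reach the server, since the two may take different network paths.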
