End-of-Life (EoL)

Configure a Kerberos Server Profile

A Kerberos server profile enables users to natively authenticate to an Active Directory domain controller or a Kerberos V5-compliant authentication server. This authentication method is interactive, requiring users to enter usernames and passwords, in contrast with Kerberos single sign-on (SSO), which involves transparent authentication.
To use a Kerberos server for authentication, the server must be accessible over an IPv4 address. IPv6 addresses are not supported.
  1. Add a Kerberos server profile.
    1. Select
      Server Profiles
      and click
    2. Enter a
      Profile Name
      to identify the server profile.
    3. For a firewall with more than one virtual system (vsys), select the
      (vsys or
      ) where the profile is available.
    4. For each Kerberos server, click
      and enter a
      (to identify the server), server IPv4 address or FQDN (
      Kerberos Server
      field), and an optional
      number for communication with the server (default 88).
      If you use an FQDN address object to identify the server and you subsequently change the address, you must commit the change for the new server address to take effect.
    5. Click
  2. Implement the Kerberos server profile.
    1. Assign the Kerberos server profile to an authentication profile or sequence.
    2. Test a Kerberos Authentication Profile to verify that the firewall or Panorama can connect to the Kerberos server.
    3. Commit
      your changes.

Recommended For You