End-of-Life (EoL)

Configure Kerberos SSO and External or Local Authentication for Administrators

You can configure the firewall to first try Kerberos single sign-on (SSO) authentication and, if that fails, fall back to External Service or Local database authentication.
  1. Configure a Kerberos keytab for the firewall.
    Required for Kerberos SSO authentication.
    Create a Kerberos keytab. A keytab is a file that contains Kerberos account information (principal name and hashed password) for the firewall.
  2. Configure a local database or external server profile.
    Required for local database or external authentication.
    • Local database authentication—Perform the following tasks:
  3. Configure an authentication profile.
    If your users are in multiple Kerberos realms, create an authentication profile for each realm and assign all the profiles to an authentication sequence. You can then assign the same authentication sequence to all user accounts (Step 4).
  4. Configure an administrator account.
    • For local database authentication, specify the
      of the user you defined in Step 2.
    • Assign the
      Authentication Profile
      or sequence and the Admin Role
      that you just created.

Recommended For You