1. Home
    2. PAN-OS
    3. PAN-OS 7.1 Web Interface Reference Guide
    4. Device
    5. Device > Server Profiles > Kerberos
    Previous
    Next
    Device > Server Profiles > Kerberos Panorama > Server Profiles > Kerberos
    Select Device > Server Profiles > Kerberos or Panorama > Server Profiles > Kerberos to configure a server profile that enables users to natively authenticate to an Active Directory domain controller or a Kerberos V5-compliant authentication server. After configuring a Kerberos server profile you can assign it to an authentication profile, and then test the Kerberos authentication profile.
    		 To use Kerberos authentication, your back-end Kerberos server must be accessible over an IPv4 address. IPv6 addresses are not supported.
    Kerberos Server Setting Description
    Profile Name Enter a name to identify the server (up to 31 characters). The name is case-sensitive and must be unique. Use only letters, numbers, spaces, hyphens, and underscores.
    Location Select the scope in which the profile is available. In the context of a firewall that has more than one virtual system (vsys), select a vsys or select Shared (all virtual systems). In any other context, you can’t select the Location ; its value is predefined as Shared (for firewalls) or as Panorama. After you save the profile, you can’t change its Location.
    Administrator Use Only Select this option to specify that only administrator accounts can use the profile for authentication. For firewalls that have multiple virtual systems, this option appears only if the Location is Shared.
    Servers For each Kerberos server, click Add and specify the following settings: Name —Enter a name for the server. Kerberos Server —Enter the server IPv4 address or FQDN. Port —Enter an optional port (range is 1–65,535; default is 88) for communication with the server.
    Previous
    Next

    Related Documentation

    Configure a Kerberos Server Profile

    Configure a Kerberos Server Profile A Kerberos server profile enables users to natively authenticate to an Active Directory domain controller or a Kerberos V5-compliant authentication ...

    Test a Kerberos Authentication Profile

    Test a Kerberos Authentication Profile The following example shows how to test a Kerberos profile named Kerberos-Profile for a user named User5-Kerberos and how to ...

    Configure an Authentication Profile and Sequence

    Configure an Authentication Profile and Sequence An authentication profile defines the authentication service that validates the login credentials of firewall or Panorama administrators and Captive ...

    Kerberos for Internal Gateway for Windows

    Kerberos for Internal Gateway for Windows GlobalProtect clients running on Windows 7, 8, or 10 now support Kerberos V5 single sign-on (SSO) for GlobalProtect portal ...

    Device > Authentication Profile

    Device > Authentication Profile Device > Authentication Profile Panorama > Authentication Profile Select Device > Authentication Profile or Panorama > Authentication Profile to configure authentication ...

    Configure an Administrator with Kerberos SSO, External, or Local Authentication

    Configure an Administrator with Kerberos SSO, External, or Local Authentication When you configure Administrative Authentication for an administrator account, you can combine Kerberos single sign-on ...

    Device > Authentication Sequence

    Device > Authentication Sequence Device > Authentication Sequence Panorama > Authentication Sequence In some environments, user accounts reside in multiple directories (for example, local database, ...

    Test the Authentication Configuration

    Test the Authentication Configuration Use the test authentication command to determine if your firewall or Panorama management server can communicate with a back-end authentication server ...

    Map IP Addresses to Usernames Using Captive Portal

    Map IP Addresses to Usernames Using Captive Portal If the firewall receives a request from a security zone that has User-ID enabled and the source ...

    Configure Kerberos Single Sign-On

    Configure Kerberos Single Sign-On Palo Alto Networks firewalls and Panorama support Kerberos V5 single sign-on (SSO) to authenticate administrators to the web interface and end ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo