Customize Kerberos

You can customize your system configuration as required. You carry out this part of the configuration in ARIS Administration.

Prerequisite

You have the Technical configuration administrator function privilege.

Procedure

  1. Click Configuration.

  2. Click the arrow next to Kerberos.

  3. Click a configuration category. The following categories are available:

    General

    You can configure the following properties of your system:

    Use Kerberos

    Specifies whether a Kerberos-based login is allowed. This corresponds to the following property: com.aris.umc.kerberos.active

    KDC

    Specifies the fully qualified name of the central Key Distribution Center (KDC). This is usually the fully qualified host name of the LDAP server. This corresponds to the following property: com.aris.umc.kerberos.kdc

    Realm

    Specifies the realm of Kerberos tickets, as a fully qualified domain name in uppercase letters. This corresponds to the following property: com.aris.umc.kerberos.realm

    Principal

    Specifies the name of the technical user used for verifying Kerberos tickets.

    If Kerberos is used, each user, computer or service provided by a server must be defined as a principal. This corresponds to the following property: com.aris.umc.kerberos.servicePrincipalName

    Key table

    Specifies the location of the keytab file that is used for Kerberos tickets. This corresponds to the following property: com.aris.umc.kerberos.keyTab

    Upload

    To upload the key table file, click Upload under the Key table field.

    Configuration file

    Storage location of the configuration file for Kerberos. The file can be uploaded directly.

    This corresponds to the following property: com.aris.umc.kerberos.config

    Upload

    To upload the configuration file, click Upload under the Configuration file field. You find this file on your installation medium under Add-ons\Kerberos.

    Advanced settings

    You can configure the following properties of your system:

    Debug output

    Specifies whether debug output is allowed for Kerberos operations. This corresponds to the following property: com.aris.umc.kerberos.debug

    Allow local users

    Specifies whether the LDAP connection is mandatory for Kerberos-based login. If this option is enabled, Kerberos is also used for the login of local users. This corresponds to the following property: com.aris.umc.kerberos.allowLocalUsers

    Validate user name

    Specifies whether or not the realm defined for the user principal name provided in the Kerberos ticket is to be ignored. The default value is false. This corresponds to the following property: com.aris.umc.kerberos.validateuser

    Default tenant

    Specifies the default tenant for a Kerberos-based login. This corresponds to the following property: com.aris.umc.kerberos.tenant

    This is a cross-tenant property that can only be changed using ARIS Cloud Controller. For more information, refer to the ARIS Cloud Controller (ACC) Command-line Tool manual.

  4. Click Edit.

    The Cross-tenant symbol indicates that the settings made apply to all tenants on this server and cannot be changed.

  5. Adjust your settings.

  6. Click Save.

You have customized your system configuration.
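
The following check reviews the saved settings against the descriptions above. It is an added example, not part of the ARIS product or its documentation. It assumes the properties are available as key=value lines with true/false values; that export format, the sample values and the decision to flag enabled debug output are assumptions.

```python
import re

PREFIX = "com.aris.umc.kerberos."
# Properties from the General category that need a value once login is enabled.
REQUIRED_WHEN_ACTIVE = ("kdc", "realm", "servicePrincipalName", "keyTab")
FQDN = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def parse_properties(text):
    """Parse key=value lines (assumed format), skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith(PREFIX):
            props[key[len(PREFIX):]] = value
    return props

def lint(props):
    """Return findings for settings that contradict the property descriptions."""
    if props.get("active", "false").lower() != "true":
        return []  # Kerberos-based login is off, nothing else applies
    findings = [f"{name}: empty although Kerberos login is enabled"
                for name in REQUIRED_WHEN_ACTIVE if not props.get(name)]
    kdc, realm = props.get("kdc", ""), props.get("realm", "")
    if kdc and not FQDN.match(kdc):
        findings.append("kdc: not a fully qualified host name")
    if realm and (realm != realm.upper() or not FQDN.match(realm)):
        findings.append("realm: not a fully qualified domain name in uppercase")
    if props.get("debug", "false").lower() == "true":
        findings.append("debug: debug output is enabled, confirm this is intended")
    return findings

# Constructed sample values, not taken from a real installation.
SAMPLE = """\
com.aris.umc.kerberos.active=true
com.aris.umc.kerberos.kdc=kdc01
com.aris.umc.kerberos.realm=example.com
com.aris.umc.kerberos.servicePrincipalName=HTTP/aris.example.com
com.aris.umc.kerberos.keyTab=
com.aris.umc.kerberos.debug=true
"""

if __name__ == "__main__":
    for finding in lint(parse_properties(SAMPLE)):
        print(finding)
```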

See also

What Kerberos properties are available?