Configure Kerberos Authentication

To enable Kerberos authentication:

  1. Options are:
    • Navigate to the configuration folder in the application’s directory. In the configuration folder, open the security.properties file in Notepad to display the default file path locations for each component. The default location is C://Program Files > “Application Name”> configuration > security.properties file.
    • Navigate to the System > Tenant Properties > Security table.
  2. In security.profiles=SECURITY-WEB3, enter the security profile for Kerberos; for example: security.profiles=SECURITY-KERBEROS.
  3. Optional - To identify multiple profiles enter the desired security profiles comma separated; for example:security.profiles=SECURITY-WEB-AD,SECURITY-KERBEROS,SECURITY-WEB

    Note no space after the comma and be sure to set all applicable settings when entering multiple security profiles.

  4. In security.krb5.confLocation, enter the file location of the Kerberos ini file.
  5. In security.krb5.servicePrincipal, enter the service principal (SPN) name for Kerberos authentication.
  6. In security.krb5.keyTabLocation, enter the file location of the Kerberos key tab file.
  7. In security.krb5.debug, TRUE turns on extra debugging information to help track down Kerberos configuration problems. The recommended setting is FALSE.
  8. Save the file to confirm your input.
  9. Stop and Restart the application to initiate your new settings.
Kerberos Directory Sample Settings 

security.krb5.confLocation=file://C:/usr/local/apache-tomcat-7.0.63/conf/krb5.ini
security.krb5.servicePrinicipal=HTTP/tsg-nlb05.int.kronos.com
security.krb5.keyTabLocation=
security.krb5.debug=
file://C:/usr/local/apache-tomcat-7.0.63/conf/tsg-nlb05.int.kronos.com.keytabsecurity.krb5.debug=false
Parent topic: Setup Security
1 Prior to application version 7.4.
2 Applicable as of application version 7.4.
3 The default security.profiles is SECURITY-WEB.