Setting up Kerberos authentication for Ops Center

Ops Center Installation and Configuration Guide

Version
11.0.x
Audience
anonymous
Part Number
MK-99OPS001-23
You can configure Kerberos authentication for the Ops Center directory service.
Note: Whenever you make changes to Kerberos authentication, make sure to retest the authentication for the Directory service (in Manage users > User directories).
  1. Log in to the Ops Center portal as sysadmin or a user with opscenter-administrators membership.
  2. From the navigation bar, click Manage users and select User directories from the Asset type list.
  3. Click Kerberos connection settings.
  4. To use DNS instead of KDC to look up the Kerberos server, enable DNS lookup KDC.
  5. Use Clock skew to control the maximum time difference between the system clocks on the Ops Center server and the Kerberos server (default: 300 seconds). When this value is exceeded, an authentication error occurs.
  6. Enter the Realm name that identifies the Kerberos domain. The Realm name is case-sensitive and must match the realm to which you are linking. Although the realm can be any ASCII string, the convention is to make it the same as the domain name in upper-case letters (such as EXAMPLE.COM).
  7. If you are not using DNS, click +Add KDC to provide a list of Kerberos KDC server entries.
  8. Click Submit when the settings are complete.