Configuring a Kerberos Key Distribution Center (KDC)

Users : Offloading HTTP authentication & authorization : Configuring queries for remote end-user accounts : Configuring a Kerberos Key Distribution Center (KDC)

You can specify a Kerberos Key Distribution Center (KDC) that FortiWeb can use to obtain a Kerberos service ticket for web applications on behalf of clients.

Because FortiWeb determines the KDC to use based on the realm of the web application, you do not have to specify the KDC in the site publish rule.

For more information, see “Using Kerberos authentication delegation” and “Offloaded authentication and optional SSO configuration”.

To configure a KDC server

1. Go to User > Remote Server > KDC Server.

To access this part of the web UI, your administrator's account access profile must have Read and Write permission to items in the Auth Users category. For details, see “Permissions”.

2. Click Create New and complete the following settings:


Setting name	Description
Name	Enter a name that can be referenced by other parts of the configuration.
Delegated Realm	Enter the domain of the domain controller (DC) that the Key Distribution Center (KDC) belongs to.
Server IP	Enter the IP address of the KDC. In most cases, the KDC is located on the same server as the DC.
Port	Enter the port the KDC uses to listen for requests.

3. Click OK.