Symantec Access Management

  • 1.  Kerberos Authentication

    Posted May 03, 2017 09:51 AM

    Hi,

    Configure Kerberos Authentication

    https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/configuring/policy-server-configuration/authentication-schemes/configure-kerberos-authentication

     

    Use Case:

    Implement Windows authentication with SiteMinder.

    Customer has multiple forests and multiple domains.

    Assume that forest-level and domain-level trust does not exist.

    In this case, to achieve Kerberos authentication we think we have to use multiple KDC configurations in the Authentication Scheme. The documentation indicates that we can add multiple Kerberos realm and domain mappings. The documentation also indicates that we need to create two service accounts, one for the policy server and one for the web agent. We need to create a keytab file for each service account.

     

    Questions:

    Do we need a service ID for each KDC?

    How do we use multiple service IDs in the Kerberos configuration?

    Does the policy server/web agent use the keytab file to communicate with the KDC server?

    How do we configure multiple keytab files in the Kerberos configuration?

    For Kerberos Authentication to work, do we need Active Directory as User directory?

    Can we use Kerberos for authentication and use Oracle LDAP directory as user directory for authorization?



  • 2.  Re: Kerberos Authentication

    Posted May 08, 2017 11:02 AM

    For Kerberos Authentication to work, do we need Active Directory as User directory?

    > No. I have only seen AD integrations in the field

    Can we use Kerberos for authentication and use Oracle LDAP directory as user directory for authorization?

    > Yes, you should be able to