Disable Kerberos for some users

Owned by August Heltne
Last updated: Sept 18, 2024 by Steinar Line
1 min read

Kerberos authentication can be limited to to specific users, specific IP address ranges and/or User-Agents.

On this page as the screenshot below shows you can configure what user directories or for what groups the identity from Kerberos should be used. If a user is not in the specified directory or group it will not be logged in by Kerberos. This may be used for avoiding Kerberos logins for certain admin users or other users where you want other SSO mechanisms like SAML or OIDC to be easier available.

Another way of avoiding a Kerberos login is by adding ?nokerberos or ?nokerberosSession to the URL.

image-20240904-130405.png