Manage Kerberos access

Open

When configuring Kerberos access, you can choose between allowing Kerberos authentication for all users, denying Kerberos authentication for all users, or allowing Kerberos authentication for some users depending on their user directory and group memberships.

If you select “Allow Kerberos for some users”, more options will become available on the page as shown below:

Open

Note that the save-button is disabled. This is because the current configuration has not selected either directory-based or group-based access.

When you select “Allow for users in specific directories”, you will get an overview over all enabled user directories in your instance. You can allow Kerberos authentication for a directory by toggling the button in “Kerberos login allowed directory” on.

Similarly, if you want to manage Kerberos access based on a user’s group memberships you can either select “Allow for users in certain groups” or “Deny for users in certain groups”.

If you have selected to manage Kerberos access based on both user directory and user groups, you will get another element at the bottom of the page named “Access logic”. If you select “Grant access if user is in a group or in a directory”, the user will only need to either be in a selected user directory or have the correct group memberships. If you select “Grant access if user is in a group and in a directory” the user will only be allowed to authenticate with Kerberos if they are both in an allowed directory and have the correct group memberships. Note that the text will change if group membership is set to “Deny for users in certain groups”.