CLI Reference

user krb-keytab

Use this command to configure Kerberos keytab entries. Keytab files are used to authenticate to remote systems using Kerberos without entering a password, and without requiring human interaction or access to a password stored in a plain-text file. A script that uses the keytab is then able to use the acquired credentials to access files stored on a remote system.

config user krb-keytab
    edit {name}
    # Configure Kerberos keytab entries.
        set name {string}   Kerberos keytab entry name. size[35]
        set principal {string}   Kerberos service principal, e.g. HTTP/fgt.example.com@EXAMPLE.COM. size[511]
        set ldap-server {string}   LDAP server name. size[35] - datasource(s): user.ldap.name
        set keytab {string}   base64 coded keytab file containing a pre-shared key. size[2047]
    next
end

Additional information

The following section is for those options that require additional explanation.

keytab <keytab>

The Base64-encoded keytab file containing a pre-shared key.

ldap-server <server>

The LDAP server name.

principal <principal>

The Kerberos service principal, e.g. HTTP/fgt.example.com@EXAMPLE.COM.
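
The following pre-flight check is an added example, not Fortinet code: it confirms that a keytab fits the `size[2047]` limit once Base64-encoded and actually holds a key for the value intended for `set principal`. It assumes the MIT keytab file format version 0x0502; the function names are hypothetical and the sample keytab is constructed with an all-zero dummy key.

```python
import base64, io, struct

MAX_KEYTAB_B64, MAX_PRINCIPAL = 2047, 511   # size[] limits from the syntax above

def build_sample_keytab(principal, enctype=18, kvno=2):
    """Constructed sample: one entry, all-zero dummy key, enctype 18 (AES256)."""
    name, realm = principal.split("@")
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    comps = name.split("/")
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIB", 1, 0, kvno)          # name type, timestamp, 8-bit kvno
    body += struct.pack(">HH", enctype, 32) + bytes(32)
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

def keytab_principals(raw):
    """Return [(principal, enctype, kvno)] for each live entry."""
    if raw[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(raw):
        (size,) = struct.unpack_from(">i", raw, pos)
        pos += 4
        if size <= 0:                                # negative size = deleted entry
            pos += -size
            continue
        e = io.BytesIO(raw[pos:pos + size])
        pos += size
        rd = lambda fmt: struct.unpack(fmt, e.read(struct.calcsize(fmt)))[0]
        cstr = lambda: e.read(rd(">H")).decode()
        ncomp, realm = rd(">H"), cstr()
        name = "/".join(cstr() for _ in range(ncomp))
        rd(">I"), rd(">I")                           # skip name type and timestamp
        kvno, enctype = rd(">B"), rd(">H")
        e.read(rd(">H"))                             # skip key bytes, never print them
        rest = e.read()
        if len(rest) >= 4 and any(rest[:4]):         # optional 32-bit kvno, if set
            kvno = struct.unpack(">I", rest[:4])[0]
        out.append((f"{name}@{realm}", enctype, kvno))
    return out

def check_for_fortigate(raw, principal):
    """Return (base64 text for 'set keytab', list of problems found)."""
    b64 = base64.b64encode(raw).decode()
    problems = []
    if len(b64) > MAX_KEYTAB_B64:
        problems.append(f"base64 keytab is {len(b64)} chars, limit is {MAX_KEYTAB_B64}")
    if len(principal) > MAX_PRINCIPAL:
        problems.append(f"principal exceeds {MAX_PRINCIPAL} chars")
    if principal not in {p for p, _, _ in keytab_principals(raw)}:
        problems.append(f"keytab holds no key for {principal}")
    return b64, problems
```

The returned Base64 text is the service key itself, so handle it with the same care as a password.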
