Administration Guide

Kerberos

Kerberos authentication is a method for authenticating both explicit web proxy and transparent web proxy users. It has several advantages over NTLM challenge response:

  • Does not require FSSO/AD agents to be deployed across domains.

  • Requires fewer round-trips than NTLM SSO, making it less latency sensitive.

  • Is (probably) more scalable than challenge response.

  • Uses existing Windows domain components rather than added components.

  • NTLM may still be used as a fallback for non-Kerberos clients.

To configure a Kerberos authentication service, go to User & Authentication > Kerberos.

Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

The following options are available:

Create New

Create a Kerberos authentication service. See Create or edit a Kerberos authentication service.

Edit

Modify a Kerberos authentication service. See Create or edit a Kerberos authentication service.

Delete

Remove a Kerberos authentication service or services.

Name

The name of the Kerberos authentication service.

Principal

The server domain name of the Kerberos authentication service.

LDAP Server

The name of the LDAP server used for authorization.

Ref.

Displays the number of times the object is referenced by other objects.

To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.
