You can use Kerberos to natively authenticate end users and firewall or Panorama administrators to an Active Directory domain controller or a Kerberos V5-compliant authentication server. This authentication method is interactive, requiring users to enter usernames and passwords.
To use a Kerberos server for authentication, the server must be accessible over an IPv4 address. IPv6 addresses are not supported.
Add a Kerberos server profile. The profile defines how the firewall connects to the Kerberos server.
1. Select Device > Server Profiles > Kerberos, or Panorama > Server Profiles > Kerberos on Panorama™, and Add a server profile.
2. Enter a Profile Name to identify the server profile.
3. Add each server and specify a Name (to identify the server), IPv4 address or FQDN of the Kerberos Server, and optional Port number for communication with the server (default 88).
If you use an FQDN address object to identify the server and you subsequently change the address, you must commit the change in order for the new server address to take effect.
End user access to services and applications—Assign the authentication profile you configured to an authentication enforcement object and assign the object to Authentication policy rules. For the full procedure to configure authentication for end users, see Configure Authentication Policy.
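An added example, not from the original page or from Palo Alto Networks: a check to run before you commit, validating the server entries planned for the Kerberos server profile against the constraints above (an IPv4 address or an FQDN that resolves to IPv4, with the port defaulting to 88). The function names, the sample entries and the TCP probe (which assumes the Kerberos server accepts TCP on that port) are assumptions made for illustration.

```python
import ipaddress
import socket

DEFAULT_PORT = 88  # default Kerberos port given on this page

def resolve_ipv4(host):
    """Return the IPv4 addresses (A records) an FQDN resolves to."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def check_server(name, host, port=None, resolver=resolve_ipv4):
    """Validate one profile entry; return (ok, message)."""
    port = DEFAULT_PORT if port is None else port
    if not 1 <= port <= 65535:
        return False, f"{name}: port {port} is out of range"
    try:
        literal = ipaddress.ip_address(host)
    except ValueError:
        literal = None  # not an IP literal, so treat it as an FQDN
    if literal is not None:
        if literal.version != 4:
            return False, f"{name}: {host} is IPv6, which is not supported"
        return True, f"{name}: {host}:{port}"
    addrs = resolver(host)
    if not addrs:
        return False, f"{name}: {host} does not resolve to an IPv4 address"
    return True, f"{name}: {host} -> {', '.join(addrs)}, port {port}"

def tcp_reachable(ipv4, port=DEFAULT_PORT, timeout=3.0):
    """Live probe over IPv4; assumes the server accepts TCP on this port."""
    try:
        with socket.create_connection((ipv4, port), timeout=timeout):
            return True
    except OSError:
        return False

# Constructed sample entries (documentation address ranges, hypothetical names).
SAMPLE = [
    ("dc1", "192.0.2.10", None),
    ("dc2", "2001:db8::10", 88),
    ("dc3", "kdc.example.test", 88),
]

if __name__ == "__main__":
    for name, host, port in SAMPLE:
        ok, msg = check_server(name, host, port)
        print("OK  " if ok else "FAIL", msg)
```

Run `tcp_reachable()` from a host that shares the firewall's network path to the server; a pass from elsewhere says little about what the firewall itself can reach.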