Configure the domain realm name, the key distribution centers for the realm, and the KDC timeout.
The realm is the name of an administrative entity that maintains authentication data. Selecting a descriptive name for the Kerberos authentication realm is important. Configure the realm, also known as the domain name, and the corresponding KDC service in Unified Access Gateway. When a UPN request comes to a specific realm, Unified Access Gateway internally resolves the KDC to use for the Kerberos service ticket.
The convention is to make the realm name the same as your domain name, entered in uppercase letters. For example, a realm name is EXAMPLE.NET. The realm name is used by a Kerberos client to generate DNS names.
Starting with UAG 3.0, you can delete previously defined realms.
Prerequisites
A Kerberos-enabled server, with the realm names for the Key Distribution Centers to use identified.
- In the admin UI Configure Manually section, click Select.
- Select the Realm Settings gearbox icon.
- Click Add.
- Complete the form.
| Label | Description |
| --- | --- |
| Name of the realm | Enter the realm with the domain name. Enter the realm in uppercase letters. The realm must match the domain name set up in the Active Directory. |
| Key Distribution Centers | Enter the KDC servers for the realm. Comma separate the list if adding more than one server. |
| KDC Timeout (in seconds) | Enter the time to wait for the KDC response. The default is 3 seconds. |
- Click Save.
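The form's rules can be checked before the values are typed in. The following pre-flight check is an added example, not VMware code: the function names and the KDC host names are hypothetical, and the SRV names follow the general Kerberos convention in RFC 4120 (the page does not say which lookups Unified Access Gateway performs).

```python
import re

DEFAULT_KDC_TIMEOUT = 3  # seconds; the default given in the form above
# One DNS label: letters, digits, inner hyphens, at most 63 characters.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*$")


def srv_names(realm):
    """DNS SRV names a Kerberos client derives from the realm (RFC 4120)."""
    return [f"_kerberos._udp.{realm}", f"_kerberos._tcp.{realm}"]


def check_realm_settings(realm, kdcs, timeout=DEFAULT_KDC_TIMEOUT, ad_domain=None):
    """Validate one realm entry; return (normalized settings, problems)."""
    problems = []
    realm = realm.strip()
    if not _HOST.match(realm):
        problems.append("realm is not a DNS-style name")
    if realm != realm.upper():
        problems.append("realm is not uppercase")
    if ad_domain is not None and realm.upper() != ad_domain.strip().upper():
        problems.append("realm does not match the Active Directory domain")

    kdc_list, seen = [], set()
    for entry in (e.strip() for e in kdcs.split(",")):
        if not entry:
            problems.append("empty KDC entry (stray comma)")
        elif not _HOST.match(entry):
            problems.append(f"invalid KDC host: {entry!r}")
        elif entry.lower() in seen:
            problems.append(f"duplicate KDC: {entry}")
        else:
            seen.add(entry.lower())
            kdc_list.append(entry)

    try:
        timeout = int(timeout)
        if timeout <= 0:
            raise ValueError
    except (TypeError, ValueError):
        problems.append("KDC timeout is not a positive number of seconds")
        timeout = DEFAULT_KDC_TIMEOUT

    return {"realm": realm, "kdcs": kdc_list, "timeout": timeout}, problems


if __name__ == "__main__":
    # Constructed sample values; EXAMPLE.NET is the realm used on this page.
    settings, problems = check_realm_settings(
        "EXAMPLE.NET", "kdc1.example.net, kdc2.example.net", ad_domain="example.net")
    print(settings, problems, srv_names(settings["realm"]))
```

An empty problems list means the entry satisfies the rules in the table; the SRV names show what a Kerberos client would query in DNS for that realm.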
What to do next
Configure the keytab settings.