Configure the domain realm name, the key distribution centers for the realm, and the KDC timeout.

About this task

The realm is the name of an administrative entity that maintains authentication data. Selecting a descriptive name for the Kerberos authentication realm is important. Configure the realm, also known as the domain name, and the corresponding KDC service in Unified Access Gateway. When a UPN request comes to a specific realm, Unified Access Gateway internally resolves the KDC to use for the Kerberos service ticket.

The convention is to make the realm name the same as your domain name, entered in uppercase letters. For example, EXAMPLE.NET is a realm name. The realm name is used by a Kerberos client to generate DNS names.

Starting with UAG 3.0, you can delete previously defined realms.

Prerequisites

A server with Kerberos enabled, and the realm names identified for the Key Distribution Centers to use.

Procedure

  1. In the admin UI Configure Manually section, click Select.
  2. In the Advanced Settings > Identity Bridging Settings section, select the Realm Settings gearbox icon.
  3. Click Add.
  4. Complete the form.

    | Label | Description |
    |---|---|
    | Name of the realm | Enter the realm with the domain name. Enter the realm in uppercase letters. The realm must match the domain name set up in the Active Directory. |
    | Key Distribution Centers | Enter the KDC servers for the realm. Separate the servers with commas if you add more than one. |
    | KDC Timeout (in seconds) | Enter the time to wait for the KDC response. The default is 3 seconds. |

  5. Click Save.
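
A pre-flight check of the three form values before they are entered, as an added example (not VMware code). It assumes KDC entries are host names or IPv4 addresses and that the KDCs listen on the standard Kerberos port 88; the function names and the optional ad_domain argument are hypothetical.

```python
import re
import socket

DEFAULT_KDC_TIMEOUT = 3   # seconds; the default stated in the form description
KERBEROS_PORT = 88        # assumption: KDCs listen on the standard Kerberos port
# Assumption: KDC entries are DNS host names or IPv4 addresses.
HOST_RE = re.compile(r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
                     r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$")

def check_realm_form(realm, kdcs, timeout=DEFAULT_KDC_TIMEOUT, ad_domain=None):
    """Validate the three form fields; return (settings, problems)."""
    problems = []
    realm = realm.strip()
    if not HOST_RE.match(realm):
        problems.append(f"realm {realm!r} is not a valid domain-style name")
    if realm != realm.upper():
        problems.append(f"realm must be uppercase: use {realm.upper()!r}")
    if ad_domain is not None and realm.upper() != ad_domain.strip().upper():
        problems.append(f"realm does not match Active Directory domain {ad_domain!r}")
    kdc_list = [entry.strip() for entry in kdcs.split(",")]
    for entry in kdc_list:
        if not entry:
            problems.append("empty entry in the KDC list (stray comma?)")
        elif not HOST_RE.match(entry):
            problems.append(f"KDC entry {entry!r} is not a host name or IPv4 address")
    if isinstance(timeout, bool) or not isinstance(timeout, int) or timeout <= 0:
        problems.append(f"KDC timeout must be a positive number of seconds, got {timeout!r}")
    settings = {
        "realm": realm.upper(),
        "kdcs": [k for k in kdc_list if k],
        "timeout": timeout,
        # DNS SRV names a Kerberos client derives from the realm (RFC 4120).
        "srv_names": [f"_kerberos._{p}.{realm.upper()}" for p in ("udp", "tcp")],
    }
    return settings, problems

def unreachable_kdcs(settings):
    """Return KDCs that do not accept a TCP connection within the timeout."""
    failed = []
    for host in settings["kdcs"]:
        try:
            socket.create_connection((host, KERBEROS_PORT), settings["timeout"]).close()
        except OSError:
            failed.append(host)
    return failed

if __name__ == "__main__":
    # Constructed sample input: lowercase realm and a trailing comma.
    settings, problems = check_realm_form("example.net", "kdc1.example.net,", 3)
    print(settings, problems, sep="\n")
```

Run unreachable_kdcs from a host on the same network segment as the appliance, so that a KDC that cannot answer within the configured timeout shows up before the realm is saved.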

What to do next

Configure the keytab settings.