Configure the domain realm name, the key distribution centers for the realm, and the KDC timeout.

The realm is the name of an administrative entity that maintains authentication data. Selecting a descriptive name for the Kerberos authentication realm is important. Configure the realm, also known as the domain name, and the corresponding KDC service in Unified Access Gateway. When a UPN request comes to a specific realm, Unified Access Gateway internally resolves the KDC to use for the Kerberos service ticket.

The convention is to make the realm name the same as your domain name, entered in uppercase letters. For example, a realm name might be EXAMPLE.NET. The realm name is used by a Kerberos client to generate DNS names.

Starting with Unified Access Gateway version 3.0, you can delete previously defined realms.

Important: In a cross-domain setup, add details of all the realms, including primary and secondary or sub-domains, and the associated KDC information. Ensure that trust is enabled between realms.

Prerequisites

A Kerberos-enabled server, with the realm names of the Key Distribution Centers to use identified.

Procedure

  1. In the admin UI Configure Manually section, click Select.
  2. In the Advanced Settings > Identity Bridging Settings section, select the Realm Settings gearbox icon.
  3. Click Add.
  4. Complete the form.
    | Label | Description |
    |---|---|
    | Name of the realm | Enter the realm with the domain name. Enter the realm in uppercase letters. The realm must match the domain name set up in the Active Directory. |
    | Key Distribution Centers | Enter the KDC servers for the realm. Use a comma-separated list if adding more than one server. |
    | KDC Timeout (in seconds) | Enter the time to wait for the KDC response. The default is 3 seconds. |
  5. Click Save.
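
The rules above (uppercase realm, comma-separated KDC list, timeout in seconds, one entry per domain in a cross-domain setup) can be checked before the values are typed into the form. The following is an added example, not VMware code: the function names, the dictionary layout, and the sample host names are assumptions made for illustration, and the SRV name pattern is the one defined in RFC 4120.

```python
# Added example: pre-flight check for Realm Settings values (not VMware code).
DEFAULT_KDC_TIMEOUT = 3  # seconds; the default stated on this page


def srv_names(realm):
    """DNS SRV names a Kerberos client derives from the realm (RFC 4120)."""
    return [f"_kerberos._{proto}.{realm}" for proto in ("udp", "tcp")]


def check_realm(name, kdcs, timeout=DEFAULT_KDC_TIMEOUT):
    """Return a list of problems for one realm entry; empty means none found."""
    problems = []
    if not name or name != name.strip():
        problems.append("realm name is empty or has surrounding whitespace")
    if name != name.upper():
        problems.append(f"realm {name!r} must be uppercase (use {name.upper()!r})")
    servers = [s.strip() for s in kdcs.split(",")]
    if any(not s for s in servers):
        problems.append("KDC list has an empty item (stray comma?)")
    if any(" " in s for s in servers):
        problems.append("KDC entries must be separated by commas, not spaces")
    named = [s.lower() for s in servers if s]
    if len(named) != len(set(named)):
        problems.append("KDC list contains duplicates")
    if isinstance(timeout, bool) or not isinstance(timeout, (int, float)) or timeout <= 0:
        problems.append("KDC timeout must be a positive number of seconds")
    return problems


def check_cross_domain(entries, ad_domains):
    """Map each AD domain in the trust to its problems; a missing realm is one."""
    by_realm = {e["name"].upper(): e for e in entries}
    report = {}
    for domain in ad_domains:
        entry = by_realm.get(domain.upper())
        if entry is None:
            report[domain] = ["no realm entry for this domain"]
        else:
            report[domain] = check_realm(
                entry["name"], entry["kdcs"], entry.get("timeout", DEFAULT_KDC_TIMEOUT))
    return report


# Constructed sample input: a primary domain and one sub-domain.
SAMPLE = [
    {"name": "EXAMPLE.NET", "kdcs": "kdc1.example.net,kdc2.example.net"},
    {"name": "emea.example.net", "kdcs": "kdc1.emea.example.net,", "timeout": 5},
]

if __name__ == "__main__":
    domains = ["example.net", "emea.example.net", "apac.example.net"]
    for domain, problems in check_cross_domain(SAMPLE, domains).items():
        print(domain, srv_names(domain.upper()), problems or "ok")
```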

What to do next

Configure the keytab settings.