To change the realm after the initial configuration, you must add the new realm name and reinitialize the KDC service.

To initialize KDC, you assign your Workspace ONE Access hostname to the Kerberos realms. The domain name is entered in upper-case letters. If you are configuring multiple Kerberos realms, to help identify the realm, use descriptive names that end with your Workspace ONE Access domain name. For example, SALES.MY-WORKSPACEONEACCESS.EXAMPLE.COM. If you configure subdomains, type the subdomain name in lower-case letters.

Procedure

  1. SSH into the Workspace ONE Access appliance as the root user.
  2. Initialize the KDC. Enter /etc/init.d/vmware-kdc init --realm {REALM.COM} --subdomain {sva-name.subdomain} --force.
    For example, /etc/init.d/vmware-kdc init --realm MY-IDM.EXAMPLE.COM --subdomain my-idm.example.com --force
    If you are using a load balancer with multiple Workspace ONE Access appliances, use the name of the load balancer in both cases.
  3. Restart the Workspace ONE Access service. Enter service horizon-workspace restart.
  4. Start the KDC service. Enter service vmware-kdc restart.

Results

The realm name is updated in the iOS KdcKerberosAuthAdapter authentication method configuration page.