Open with table of contents

Kerberos Authentication and Basic Authentication using the Kerberos Distribution Center

Using this method of authentication, users are automatically authenticated against a Kerberos Distribution Center, and do not need to enter authentication details when connecting their browser to the Clearswift Gateway. If the user's browser cannot authenticate using Kerberos, Basic Authentication is tried, and the user is prompted to enter their user name and password.

To configure Kerberos Authentication and Basic Authentication using the Kerberos Distribution Center:

  1. From the System Center Home page, click Proxy Settings. The Proxy Settings page appears.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. Move the mouse pointer over the User Authentication is Disabled/Enabled section, and click Click here to change these settings.
  4. Select Kerberos Authentication and Basic Authentication using Kerberos Distribution Center, and click Save.
  5. Move the mouse pointer over the Basic Realm Identifier section, and click Click here to change these settings.
  6. Type the name of the Basic Realm identifier to be used, and click Save. The realm appears in the authentication dialog that appears in the client's browser, enabling the user to determine why they are being asked to authenticate. It is cached by the browser, along with the user name and password for the duration of the session. The default Basic Realm identifier is 'CLEARSWIFT SECURE Web Gateway'.
  7. Move the mouse pointer over the Kerberos Distribution Center section, and click Click here to change these settings.
  8. Enter the domain name of the Key Distribution Center that will validate user's authentication details, and click Save.
  9. Move the mouse pointer over the Kerberos Key Tab File section, and click Click here to change these settings.
  10. Enter, or browse to, the location of the Kerberos key tab file to import into the Gateway, and click Save.
  11. Move the mouse pointer over the Apache Access Log section, and click Click here to change these settings. To enable or disable the generation of Apache Access logs, select or deselect the Enable Apache access logging check box.
 
  • If you are using Kerberos authentication, Network Time Protocol (NTP) must be enabled. You configure this setting on the Date and Time Settings page.
  • When you have finished modifying your content security policy you must apply the configuration for any changes to take effect. If you have a group of Peer Gateways, ensure that your new configuration is applied to all Gateways in the group.

After you have applied your configuration, you can verify that users are being correctly authenticated.

To test authentication:

  1. From the System Center Home page, click Proxy Settings. The Proxy Settings page appears.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. Click Test Authentication. The Test Authentication dialog appears.
  4. Enter a valid user name and password combination, and click Run Test.

 

© 1995–2018 Clearswift Ltd.