Kerberos uses SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) for authentication.
Kerberos will automatically log in authorized users when using the /api/auth REST endpoint. If using Microsoft Windows, logging into your Windows domain is usually sufficient to issue your Kerberos credentials.
On Linux, if you use Kerberos with PAM, your Kerberos credentials should be already available
to Kerberos-enabled browsers. Otherwise, you will need to authenticate to the KDC manually using
kinit at the
command line and start your browser from the same terminal.
In order to use Kerberos authentication in Lenses, both a static configuration
Connection is required.
- Static configuration
To set up Kerberos you need a Kerberos principal and a password-less keytab. Add them in
security.confbefore starting Lenses:
- Kerberos Connection
Connectionshould be defined in order to use a proper
krb5.conffile. See more
Kerberos by design focuses on authentication only. It provides the user’s principal, and is not managing user groups. Read how to create groups of users with permissions .