Kerberos

This page describes configuring Lenses with Kerberos.

Deprecated in Lenses 6.0

Kerberos uses SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) for authentication.

Kerberos will automatically log in authorized users when using the /api/auth REST endpoint. If using Microsoft Windows, logging into your Windows domain is usually sufficient to issue your Kerberos credentials.

On Linux, if you use Kerberos with PAM, your Kerberos credentials should be already available to Kerberos-enabled browsers. Otherwise, you will need to authenticate to the KDC manually using kinit at the command line and start your browser from the same terminal.

Configuration

In order to use Kerberos authentication in Lenses, both a static configuration and Kerberos Connection is required.

Static configuration To set up Kerberos you need a Kerberos principal and a password-less keytab. Add them in security.conf before starting Lenses:

lenses.security.kerberos.service.principal="HTTP/lenses.url[@REALM]"
lenses.security.kerberos.keytab=/path/to/lenses.keytab

Kerberos Connection A Kerberos Connection should be defined in order to use a proper krb5.conf

PreviousFAQs NextGroups

Last updated 1 month ago