
Kerberos Configuration Options

This section describes the configuration options used to configure Kerberos on Configuration Server and Configuration Server Proxy.

Important
Configuration section names, configuration option names, and predefined option values are case-sensitive. Type them in the configuration file or Genesys Administrator exactly as they are documented in this chapter.

Setting Configuration Options

Unless otherwise specified, set Kerberos configuration options at the following location:

  • In the Options tab of the Configuration Server or Configuration Server Proxy Application object

This will turn on Kerberos external authentication for all users.

Mandatory Options

All options in this section are mandatory. They must be set before using Kerberos.

 

authentication Section

This section is mandatory on the server level to enable external authentication.

This section must be called authentication.

library

  • Default Value: No default value
  • Valid Values: Depends on type configuration option, as follows:
      • gauth_ldap: All
      • gauth_radius: All
      • gauth_ldap, gauth_radius: Configuration Server, Configuration Server Proxy
      • gauth_radius, gauth_ldap: Configuration Server, Configuration Server Proxy
      • internal: Tenant, Person
  • Changes Take Effect: Upon restart of Configuration Server or Configuration Server Proxy
  • Description: Specifies the section that contains the external authentication parameters. This option is mandatory, and its value is set automatically during installation. If this Configuration Server or Configuration Server Proxy was previously configured for another type of authentication, such as RADIUS, you must manually add “, gauth_kerberos” to the value of this option.

When set to ‘internal’, all users associated with the object in which the option is set to this value are validated internally.

gauth_kerberos Section

This section is mandatory, and contains information about the Kerberos installation on this Configuration Server or Configuration Server Proxy.

This section must be called gauth_kerberos.

A Kerberos installation is defined using the following options, described in this section:

  • SPN
  • realm
  • keytab

Set these options on the Options tab of the Configuration Server or Configuration Server Proxy Application object, in the gauth_kerberos section.

Important
These options must be set before using Kerberos.

SPN

  • Default Value: Empty string
  • Valid Value: Any valid name
  • Changes Take Effect: Immediately

The Service Principal Name, in the format service/hostname, the same as that used by a client in the service parameter. This name must be registered with the key distribution center to which this configuration is pointing (as defined by the platform-specific configuration).

realm

  • Default Value: Empty string
  • Valid Value: Any valid name
  • Changes Take Effect: Immediately

The name of the Kerberos infrastructure, as known by the MIT client library and/or the key distribution server being used. The value must be specified in all upper-case letters in the form of a domain address (ENTITY.SUBDOMAIN.ROOTDOMAIN).

keytab

  • Default Value: Empty string
  • Valid Value: Any valid name
  • Changes Take Effect: Immediately

The name of the keytab file that is generated by the key distribution center and propagated to the host on which this Configuration Server or Configuration Server Proxy is running. This file must exist in the installation directory of this Configuration Server (primary or backup) or Configuration Server Proxy.
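The rules above can be checked before Kerberos is switched on. The following pre-flight check is an added example, not Genesys code: it assumes the options have been exported to INI-style text, and the function name, the sample host, realm and keytab file name, and the two regular expressions (one reading of "service/hostname" and "upper-case domain address") are all constructed for illustration.

```python
import configparser
import re
from pathlib import Path

# Constructed sample; the INI layout and all values are assumptions for this example.
SAMPLE = """\
[authentication]
library = gauth_radius, gauth_kerberos

[gauth_kerberos]
SPN = confserv/cfg01.example.com
realm = EXAMPLE.COM
keytab = confserv.keytab
"""

SPN_RE = re.compile(r"^[^/\s@]+/[^/\s@]+$")             # service/hostname
REALM_RE = re.compile(r"^[A-Z0-9-]+(\.[A-Z0-9-]+)+$")   # upper-case domain form


def check_kerberos_options(text, install_dir):
    """Return a list of problems; an empty list means every check passed."""
    cp = configparser.ConfigParser()
    cp.optionxform = str  # keep option names case-sensitive (SPN is not spn)
    cp.read_string(text)
    problems = []

    # library must name the gauth_kerberos section, spelled exactly.
    library = cp.get("authentication", "library", fallback="")
    if "gauth_kerberos" not in [v.strip() for v in library.split(",")]:
        problems.append("authentication/library does not list gauth_kerberos")

    if not cp.has_section("gauth_kerberos"):
        return problems + ["section gauth_kerberos is missing"]
    sec = cp["gauth_kerberos"]
    spn, realm, keytab = (sec.get(n, "").strip() for n in ("SPN", "realm", "keytab"))

    # All three options default to an empty string, so empty means "not set".
    problems += [f"{n} is not set" for n, v in
                 (("SPN", spn), ("realm", realm), ("keytab", keytab)) if not v]
    if spn and not SPN_RE.match(spn):
        problems.append("SPN is not in service/hostname form")
    if realm and not REALM_RE.match(realm):
        problems.append("realm is not an upper-case domain address")
    # The keytab must sit in the installation directory itself.
    if keytab and not (Path(install_dir) / keytab).is_file():
        problems.append(f"keytab file {keytab} not found in installation directory")
    return problems
```

Because section and option names are matched exactly, a misspelled or differently cased name is reported as missing rather than silently accepted.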

This page was last edited on August 1, 2014, at 14:21.