Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.0
Download PDF
Copy Link

user krb-keytab

Use this command to configure Kerberos keytab entries. Keytab files are used to authenticate to various remote systems using Kerberos without entering a password, and without requiring human interaction or access to password stored in a plain-text file. The script is then able to use the acquired credentials to access files stored on a remote system.

config user krb-keytab
    edit {name}
    # Configure Kerberos keytab entries.
        set name {string}   Kerberos keytab entry name. size[35]
        set principal {string}   Kerberos service principal, e.g. HTTP/fgt.example.com@EXAMPLE.COM. size[511]
        set ldap-server {string}   LDAP server name. size[35] - datasource(s): user.ldap.name
        set keytab {string}   base64 coded keytab file containing a pre-shared key. size[2047]
    next
end

Additional information

The following section is for those options that require additional explanation.

keytab <keytab>

The base64 coded keytab file containing a pre-shared key.

ldap-server <server>

The LDAP server name.

principal <principal>

The Kerberos service principal, e.g. HTTP/fgt.example.com@EXAMPLE.COM.

user krb-keytab

Use this command to configure Kerberos keytab entries. Keytab files are used to authenticate to various remote systems using Kerberos without entering a password, and without requiring human interaction or access to password stored in a plain-text file. The script is then able to use the acquired credentials to access files stored on a remote system.

config user krb-keytab
    edit {name}
    # Configure Kerberos keytab entries.
        set name {string}   Kerberos keytab entry name. size[35]
        set principal {string}   Kerberos service principal, e.g. HTTP/fgt.example.com@EXAMPLE.COM. size[511]
        set ldap-server {string}   LDAP server name. size[35] - datasource(s): user.ldap.name
        set keytab {string}   base64 coded keytab file containing a pre-shared key. size[2047]
    next
end

Additional information

The following section is for those options that require additional explanation.

keytab <keytab>

The base64 coded keytab file containing a pre-shared key.

ldap-server <server>

The LDAP server name.

principal <principal>

The Kerberos service principal, e.g. HTTP/fgt.example.com@EXAMPLE.COM.