Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiProxy 7.4.5 Administration Guide
    7.4.5
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0
    7.0.19
    7.0.17
    7.0.0
    2.0.0
    1.2.0
    1.1.0
    1.0.0

    Kerberos

    Kerberos

    Kerberos authentication is a method for authenticating both explicit web proxy and transparent web proxy users. It has several advantages over NTLM challenge response:

    • Does not require FSSO/AD agents to be deployed across domains.

    • Requires fewer round-trips than NTLM SSO, making it less latency sensitive.

    • Is (probably) more scalable than challenge response.

    • Uses existing Windows domain components rather than added components.

    • NTLM may still be used as a fallback for non-Kerberos clients.

    To configure Kerberos authentication service, go to User & Authentication > Kerberos.

    Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

    The following options are available:

    Create New

    Create a Kerberos authentication service. See Create or edit a Kerberos authentication service.

    Edit

    Modify a Kerberos authentication service. See Create or edit a Kerberos authentication service.

    Delete

    Remove a Kerberos authentication service or services.

    Name

    The name of the Kerberos authentication service.

    Principal

    The server domain name of the Kerberos authentication service.

    LDAP Server

    The name of the LDAP server used for authorization.

    Ref.

    Displays the number of times the object is referenced to other objects.

    To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.
    Previous
    Next

    Kerberos

    Kerberos

    Kerberos authentication is a method for authenticating both explicit web proxy and transparent web proxy users. It has several advantages over NTLM challenge response:

    • Does not require FSSO/AD agents to be deployed across domains.

    • Requires fewer round-trips than NTLM SSO, making it less latency sensitive.

    • Is (probably) more scalable than challenge response.

    • Uses existing Windows domain components rather than added components.

    • NTLM may still be used as a fallback for non-Kerberos clients.

    To configure Kerberos authentication service, go to User & Authentication > Kerberos.

    Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.

    The following options are available:

    Create New

    Create a Kerberos authentication service. See Create or edit a Kerberos authentication service.

    Edit

    Modify a Kerberos authentication service. See Create or edit a Kerberos authentication service.

    Delete

    Remove a Kerberos authentication service or services.

    Name

    The name of the Kerberos authentication service.

    Principal

    The server domain name of the Kerberos authentication service.

    LDAP Server

    The name of the LDAP server used for authorization.

    Ref.

    Displays the number of times the object is referenced to other objects.

    To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object.
    Previous
    Next