Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

user kerberos-user

Use this command to specify a Kerberos Key Distribution Center (KDC) that FortiWeb can use to obtain a Kerberos service ticket for web applications on behalf of clients.

Because FortiWeb determines the KDC to use based on the realm of the web application, you do not have to specify the KDC in the site publish rule.

For details, see waf site-publish-helper rule and the FortiWeb Administration Guide:

https://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the authusergrp area. For details, see Permissions.

Syntax

config user kerberos-user

edit "<kdc_name>"

set realm "<realm_str>"

set server "<kdc-server_ip>"

set port <kdc-port_int>

set status <kdc_status>

next

end

Variable Description Default

"<kdc_name>"

Enter the name of the Key Distribution Center (KDC). No default.

realm "<realm_str>"

Enter the domain of the domain controller (DC) that the Key Distribution Center (KDC) belongs to. No default.

server "<kdc-server_ip>"

Enter the IP address of the KDC.

In most cases, the KDC is located on the same server as the DC.

No default.

port <kdc-port_int>

Enter the port the KDC uses to listen for requests. No default.

status <kdc_status>

Specify whether the KDC configuration is enabled. enable

Related topics

user kerberos-user

Use this command to specify a Kerberos Key Distribution Center (KDC) that FortiWeb can use to obtain a Kerberos service ticket for web applications on behalf of clients.

Because FortiWeb determines the KDC to use based on the realm of the web application, you do not have to specify the KDC in the site publish rule.

For details, see waf site-publish-helper rule and the FortiWeb Administration Guide:

https://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the authusergrp area. For details, see Permissions.

Syntax

config user kerberos-user

edit "<kdc_name>"

set realm "<realm_str>"

set server "<kdc-server_ip>"

set port <kdc-port_int>

set status <kdc_status>

next

end

Variable Description Default

"<kdc_name>"

Enter the name of the Key Distribution Center (KDC). No default.

realm "<realm_str>"

Enter the domain of the domain controller (DC) that the Key Distribution Center (KDC) belongs to. No default.

server "<kdc-server_ip>"

Enter the IP address of the KDC.

In most cases, the KDC is located on the same server as the DC.

No default.

port <kdc-port_int>

Enter the port the KDC uses to listen for requests. No default.

status <kdc_status>

Specify whether the KDC configuration is enabled. enable

Related topics