CLI Reference

user kerberos-user

Use this command to specify a Kerberos Key Distribution Center (KDC) that FortiWeb can use to obtain a Kerberos service ticket for web applications on behalf of clients.

Because FortiWeb determines the KDC to use based on the realm of the web application, you do not have to specify the KDC in the site publish rule.

For details, see waf site-publish-helper rule and the FortiWeb Administration Guide:

https://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the authusergrp area. For details, see Permissions.

Syntax

config user kerberos-user
  edit "<kdc_name>"
    set realm "<realm_str>"
    set shortname <shortname_str>
    set status {enable | disable}
    config server-members
      edit "<entry_index>"
        set server <server_str>
        set port <port_int>
      next
    end
  next
end

Variable: "<kdc_name>"
Description: Enter the name of the Key Distribution Center (KDC).
Default: No default.

Variable: realm "<realm_str>"
Description: Enter the domain of the domain controller (DC) that the Key Distribution Center (KDC) belongs to.
Default: No default.

Variable: shortname <shortname_str>
Description: Optional. Enter the shortname for the realm you specified. A shortname is an alias of the delegated realm; it can be any set of characters except the symbols "@", "/" and "\". For example, the shortname can include the domain name of the realm that is not fully qualified. With a shortname configured, the UPN format can be username@shortname.
Default: No default.

Variable: status {enable | disable}
Description: Specify whether the KDC configuration is enabled.
Default: enable

Variable: server <server_str>
Description: Enter the IP address of the KDC.
Default: No default.

Variable: port <kdc-port_int>
Description: Enter the port the KDC uses to listen for requests.
Default: No default.

Variable: "<entry_index>"
Description: Enter the index number of the server in the table.
Default: No default.
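
The following Python sketch is an added example, not Fortinet code: it checks values against the constraints in the variable descriptions above (shortname symbols, IP address for the server, enable/disable status) and renders the block shown under Syntax. The function names, the 1-65535 port range, numbering entries from 1, and the refusal of quotes, whitespace and line breaks are assumptions; the KDC name, realm and addresses are constructed sample values.

```python
import ipaddress

SHORTNAME_FORBIDDEN = set('@/\\')  # symbols the table excludes from a shortname


def _safe(label, value, extra=""):
    # Assumption: quotes, line breaks (and any `extra` characters) are refused so a
    # value cannot break out of its CLI argument when templated into the block.
    if not value or any(c in value for c in '"\r\n' + extra):
        raise ValueError(f"{label}: empty or contains a disallowed character")
    return value


def render_kerberos_user(kdc_name, realm, servers, shortname=None, status="enable"):
    """Render a 'config user kerberos-user' block; servers is a list of (ip, port)."""
    if status not in ("enable", "disable"):
        raise ValueError("status must be enable or disable")
    if not servers:
        raise ValueError("at least one server-members entry is required")  # assumption
    out = ["config user kerberos-user",
           f'  edit "{_safe("kdc_name", kdc_name)}"',
           f'    set realm "{_safe("realm", realm)}"']
    if shortname is not None:  # shortname is optional
        _safe("shortname", shortname, extra=" \t")  # unquoted in the syntax
        if SHORTNAME_FORBIDDEN & set(shortname):
            raise ValueError('shortname must not contain "@", "/" or "\\"')
        out.append(f"    set shortname {shortname}")
    out += [f"    set status {status}", "    config server-members"]
    for index, (ip, port) in enumerate(servers, start=1):  # assumption: index from 1
        ipaddress.ip_address(ip)  # table asks for an IP address; raises ValueError
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port!r}")
        out += [f'      edit "{index}"', f"        set server {ip}",
                f"        set port {port}", "      next"]
    out += ["    end", "  next", "end"]
    return "\n".join(out)


# Constructed sample values (documentation address range, standard Kerberos port 88).
SAMPLE = render_kerberos_user("kdc1", "EXAMPLE.COM",
                              [("192.0.2.10", 88), ("192.0.2.11", 88)],
                              shortname="EXAMPLE")

if __name__ == "__main__":
    print(SAMPLE)
```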
