user kerberos-user

Use this command to specify a Kerberos Key Distribution Center (KDC) that FortiWeb can use to obtain a Kerberos service ticket for web applications on behalf of clients.

Because FortiWeb determines the KDC to use based on the realm of the web application, you do not have to specify the KDC in the site publish rule.

For details, see waf site-publish-helper rule and the FortiWeb Administration Guide:

HTTPs://docs.fortinet.com/fortiweb/admin-guides

To use this command, your administrator account’s access control profile must have either w or rw permission to the authusergrp area. For details, see Permissions.

Syntax

config user kerberos-user

edit "<kdc_name>"

set realm "<realm_str>"

set shortname <shortname _str>

set status {enable | disable}

config server-members

edit "<entry_index>"

set server <server_str>

set port <port_int>

next

end

next

end

Variable	Description	Default
"<kdc_name>"	Enter the name of the Key Distribution Center (KDC).	No default.
realm "<realm_str>"	Enter the domain of the domain controller (DC) that the Key Distribution Center (KDC) belongs to.	No default.
shortname <shortname _str>	Enter the shortname for the realm you specified (This is optional). A shortname is an alias of the delegated realm; it can be any set of characters except for symbols "@", "/" and "\". For example, the shortname can include the domain name of the realm that is not fully qualified. With a shortname being configured, the format of UPN can be username@shortname.	No default.
status {enable | disable}	Specify whether the KDC configuration is enabled.	enable
server <server_str>	Enter the IP address of the KDC.	No default.
port <kdc-port_int>	Enter the port the KDC uses to listen for requests.	No default.
"<entry_index>"	Enter the index number of the server in the table.	No default.

Related topics

• waf site-publish-helper rule
• waf site-publish-helper keytab_file