Configuring the Kerberos Service principal in Address Manager - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.5.0

A service principal is the name by which a client uniquely identifies an instance of a service, and is associated with the security principal in whose security context the service executes. To add a service principal, you must first create a Kerberos Realm and add a Key Distribution Center.

To add a DNS service principal for a Kerberos Realm:

  1. From the configuration drop-down menu, select a configuration.
  2. Select one of the following tabs: IP Space, DNS, Devices, TFTP, or Servers. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  3. Select the Kerberos Realms tab. Under Kerberos Realms, click the name of a Kerberos realm.
  4. Click the Service Principals tab and click New.
  5. Under General, set the name, key version number, and password:
    • Name—enter the name for the Kerberos service principal defined in the User Logon name field in Windows configuration section. The typical syntax for service principal names is primary/instance. Primary is either a username or the name of a service. Instance provides information that qualifies the primary, such as describing the intended use of the credentials for a user or the fully qualified hostname for a host. Example: DNS/<adonis server name>.example.com
    • Key Version Number—enter the msDS-KeyVersionNumber attribute value as displayed in ADSI Edit on the Windows DC for the principal’s Kerberos key. If you use ktpass command, the key version number (vno#) value can be found in the output .keytab file.
    • Password—enter the principal’s Kerberos password. This is the AD user account password created on Windows DC.
  6. Under KDCs, leave the Override Realm KDCs check box unchecked to have all available KDCs automatically assigned in order.
  7. Under Change Control, add comments, if required.
  8. Click Add.