Creating and configuring a Kerberos Realm - BlueCat Integrity - 9.5.0

Address Manager Administration Guide

Product name
BlueCat Integrity

A Kerberos Realm defines an authentication boundary within which a server has authority to authenticate a service, host, or user. You need to define the Kerberos realm in Address Manager, to match the domain name in Active Directory.

If you are running multiple child domain servers and wish to use the GSS-TSIG protocol for secure DDNS updates, you must create a Kerberos realm for each child domain along with a Kerberos realm for the parent domain.
Note: Adding or removing a Kerberos Realm in Address Manager and deploying DHCP requires a restart of DHCP service, resulting in a service outage.

To create a Kerberos Realm:

  1. From the configuration drop-down menu, select a configuration.
  2. Select one of the following tabs: IP Space, DNS, Devices, TFTP, or Servers. Tabs remember the page you last worked on, so select the tab again to ensure you're on the Configuration information page.
  3. Click the Kerberos Realms tab.
  4. Under Kerberos Realms, click New.
  5. Under General, set the realm name and domain:
    • Name—enter the name for the Kerberos realm in UPPERCASE CHARACTERS.
    • Domain—enter the domain name for the Kerberos realm in lowercase characters.
  6. Under Change Control, add comments, if required.
  7. Click Add.