Manage the Keytab file details
The Keytab file content is used for integrating with Kerberos authentication. It contains key material that allows a server to authenticate itself to a Kerberos Key Distribution Center (KDC). On the BIG-IP Next Central Manager, users can upload and view Keytab file details while working with specific Access policy Rules, such as Kerberos Authentication and Active Directory Authentication.
Follow the steps to manage and view the Keytab files on the BIG-IP Next Central Manager:
Log in to the BIG-IP Next Central Manager. Navigate to the Go to Security Workspace > Security > Access > Policies.
Click the Start Creating button and select the required policy type. Available options are the Per-Session Policy and Per-Request Policy. For more information regarding the creation of the policies, refer to the How To: Create and manage policies using BIG-IP Central Manager.
On the selected policy type panel, navigate to the Policy Configurations > General Properties tab and add the name of the policy in the Policy Name text box. Click Continue.
Retain the default values for the other policy configurations. Click Continue through to the end of all tabs. The Visual Policy Designer (VPD) canvas opens.
Add the Empty Flow to the policy. Add the Kerberos Authentication Rule to the Flow.
Click the Kerberos Authentication Rule edit icon in the canvas.
On the Kerberos Authentication panel, click the Rule Properties tab and retain the default values for all options. Click Continue.
Click the Kerberos Server tab. On the Kerberos Server panel, click Start Creating.
Under the Server Settings, enter the name in the Service Name text box and provide the value in the Authentication Realm text box. For the Keytab File, click Choose File to upload the required Keytab File. Click Save.
Click Continue and click Finish.
To access the Keytab files in the Active Directory Authentication, add the Active Directory Authentication Rule to the Flow in the existing access policy object.
Click the Active Directory Authentication Rule edit icon in the canvas.
On the Active Directory Authentication panel, click the Rule Properties tab and retain the default values for all options. Click Continue.
Click the Active Directory Server tab. Under the Domain Settings, enter the name in the Domain text box and retain the default values for all the other options.
Under the Kerberos Settings, click the KDC validation checkbox. Additional options appear.
Add a name in the Service Name text box and click Browse to upload the required Keytab File. Click Continue.
Click Finish and click Save to save the configured policy.
After the policy is saved, the user can access Keytab file details available on the Visual Policy Designer. Navigate to the Server Settings and click the uploaded Keytab file name to view the Keytab file details on the panel.
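Before a keytab is uploaded in the steps above, its entries can be checked offline against the Service Name and Authentication Realm that will be entered. The following is an added example, not F5 code: a reader for the MIT keytab file format (version 0x0502) that lists each entry's principal, key version and encryption type without returning key bytes, and flags DES and RC4 entries. The principal, realm and all-zero keys in the sample are constructed, and the helper names are hypothetical.

```python
import struct

# Kerberos enctype numbers; DES and RC4 types are deprecated (RFC 6649, RFC 8429).
ENCTYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
            18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
WEAK = {1, 2, 3, 23, 24}

class Reader:
    def __init__(self, buf):
        self.buf, self.off = buf, 0
    def take(self, fmt):                     # one big-endian scalar
        (v,) = struct.unpack_from(fmt, self.buf, self.off)
        self.off += struct.calcsize(fmt)
        return v
    def counted(self):                       # uint16 length followed by bytes
        n = self.take(">H")
        self.off += n
        return self.buf[self.off - n:self.off]

def parse_keytab(data):
    """List principal, kvno and enctype per entry; key bytes are never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                        # negative size marks a deleted entry
            pos += -size
            continue
        r, pos = Reader(data[pos:pos + size]), pos + size
        ncomp, realm = r.take(">H"), r.counted().decode()
        name = "/".join(r.counted().decode() for _ in range(ncomp))
        # name type, timestamp, 8-bit kvno, enctype
        _nt, _ts, kvno, etype = (r.take(f) for f in (">I", ">I", ">B", ">H"))
        r.counted()                          # skip the key itself
        if len(r.buf) - r.off >= 4:          # optional 32-bit kvno overrides 8-bit
            kvno = r.take(">I") or kvno
        out.append({"principal": f"{name}@{realm}", "kvno": kvno,
                    "enctype": ENCTYPES.get(etype, str(etype)), "weak": etype in WEAK})
    return out

def sample_entry(realm, comps, kvno, etype, key):   # builds constructed test data
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(s(c) for c in comps)
    body += struct.pack(">IIBH", 1, 0, kvno, etype) + s(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body
# Constructed sample: hypothetical principal, all-zero placeholder keys.
SAMPLE = b"\x05\x02" + b"".join(sample_entry(b"EXAMPLE.COM", [b"HTTP", b"app.example.com"],
                                             3, et, bytes(n)) for et, n in ((18, 32), (23, 16)))
```

An entry whose principal or realm differs from the values entered in the Server Settings, or that is flagged weak, is worth resolving before the file is uploaded.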