11.3.5. Procedure – Kerberos authentication settings


To perform authentication with Kerberos, complete the following steps:


If Kerberos authentication has been configured for the connection, it is not possible to fall back to other authentication methods.


Before configuring Kerberos authentication on PSM, make sure you have configured your Kerberos environment correctly and have retrieved the keytab file. For details, see Procedure 11.3.4, Configuring your Kerberos environment.


  1. Navigate to SSH Control > Authentication Policies.

  2. Create a new Authentication Policy and enable GSSAPI-based single sign-on. This will disable all other authentication methods. Click .

  3. Navigate to SSH Control > Global Options > GSSAPI.

  4. Browse for the Kerberos keytab file, and click Upload. The uploaded principals are displayed in Currently uploaded principals.

  5. Optional step: If more than one realm is deployed on your network, you have to specify the mapping from the server's DNS domain name to the name of its realm. To map hostnames onto Kerberos realms, click .

  6. Navigate to SSH Control > Connections and configure the SSH connection as follows. For details on configuring connections in general, see Procedure 7.1, Configuring connections.

    1. Select Use fix address or Inband destination selection as Target.

    2. Select the Kerberos Authentication policy.


    Usermapping policies cannot be used with Kerberos Authentication policy.