Kerberos
- Enabled: Toggle must be set to ON. If provider is disabled it will not be considered for queries and imported users will be disabled and read only until the provider is enabled again.
- Console Display Name: The display name of the provider when linked in the Admin Console.
- Priority: Priority of the provider when performing a User search. This section is not applicable for LDAP.
- Kerberos Realm: Name of kerberos realm. For example: FOO.ORG.
- Server Principal: Full name of server principal for HTTP service including server and domain name. For example: HTTP/host.foo.org@FOO.ORG
- KeyTab: Location of Kerberos KeyTab file containing the credentials of server principal. For example: /etc/krb5.keytab
- Debug: Enable/disable debug logging to standard output for Krb5LoginModule.
- Allow Password Authentication: Enable/disable possibility of username/password authentication against Kerberos database.
- Edit Mode - Select one of the following from the drop-down list.
- READ_ONLY: The password updates are not allowed and user always authenticates with Kerberos password.
- UNSYNCED: User can change his password in FactoryTalk Analytics Security database and use this password instead of Kerberos password.
- Updated Profile First Login: To update the user profile when logged in for the first time.
- Cache Settings – Cache PolicyThe drop-down list provides the cache policy options for this storage provider.
- Default – The default settings for the global user cache.
- EVICT_DAILY – A time of day, which occurs every day that the User cache will be invalidated.
- EVICT_WEEKLY – A day of the week and time the cache will be invalidated.
- MAX_LIFESPAN – The time in milliseconds that will be the lifespan of a cache entry.
- NO_CACHE – It means that there is no caching.NOTE:This option may cause performance issues.User Federation
Provide Feedback