TrueNAS Early Release Documentation
This content follows TrueNAS 25.10 (Goldeye) early release versions. Pre-release software is intended for testing purposes only.
Kerberos Realms Screens
Kerberos is a computer network security protocol. It authenticates service requests between trusted hosts across an untrusted network (i.e., the Internet).

Kerberos is extremely complex. Only system administrators experienced with configuring Kerberos should attempt it. Misconfiguring Kerberos settings, realms, and keytabs can have a system-wide impact beyond Active Directory or LDAP, and can result in system outages. Do not attempt to configure or make changes if you do not know what you are doing!
If you configure Active Directory, TrueNAS populates the realm fields and the keytab with what it discovers in AD. You can configure LDAP to communicate with other LDAP servers using Kerberos, or NFS if it is properly configured, but TrueNAS does not automatically add the realm or keytab for these services.
After AD populates the Kerberos realm and keytabs, do not make changes. Consult with your IT or network services department, or those responsible for the Kerberos deployment in your network environment, for help. For more information on Kerberos settings, refer to the MIT Kerberos Documentation.
The Kerberos Realms widget in the Advanced Settings on the Directory Services screen displays currently configured realms.
Add opens the Add Kerberos Realm configuration screen.
Click on any instance to open the Edit Kerberos Realm screen.
Click on the Kerberos Realms widget header to open the Kerberos Realms screen.
The Kerberos Settings configuration screen is available for advanced Kerberos configuration.
Actions includes the option to Add a new realm. Add opens the Add Kerberos Realm screen.
The button opens the actions options for the selected realm. Options are Edit, which opens the Edit Kerberos Realm screen for the selected realm, and Delete, which opens a delete confirmation dialog.
Setting | Description |
---|---|
Realm | (Required) Enter the name of the realm as a domain name. For example, example.com. AD-configured TrueNAS systems pre-populate this field with the required information. |
KDC | Enter the name of the Key Distribution Center (KDC). The KDC acts as the third-party authentication service for Kerberos. Separate multiple values by pressing Enter. For example, enter kdc1.example.com, press Enter, then enter kdc2.example.com. |
Primary KDC | Specifies the primary Key Distribution Center (KDC) for the realm. The Kerberos client uses this KDC when acquiring credentials if the current KDC fails with a bad password error. This is valuable for domains with hub-and-spoke topology where password changes slowly propagate from the hub to the spoke. |
Admin Server | Define the server that performs all database changes. Separate multiple values by pressing Enter. |
Password Server | Define the server that performs all password changes. Separate multiple values by pressing Enter. |
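
The following is an added example, not TrueNAS code. It validates the values from the table above before they are entered and renders them as an MIT `krb5.conf` `[realms]` stanza. It assumes the fields correspond to the MIT relations `kdc`, `primary_kdc`, `admin_server`, and `kpasswd_server`; the function names are hypothetical.

```python
import re

# One DNS label, and the dot-separated names built from such labels.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_NAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")
_HOST = re.compile(rf"{_LABEL}(?:\.{_LABEL})*(?::\d{{1,5}})?")  # host or host:port


def _hosts(field, values):
    """Strip, validate and de-duplicate the host entries of one field."""
    out = []
    for raw in values:
        host = raw.strip()
        if not _HOST.fullmatch(host):
            # Rejects spaces, braces, '=' and newlines that would corrupt the stanza.
            raise ValueError(f"{field}: {raw!r} is not a host name")
        if host.lower() not in {h.lower() for h in out}:
            out.append(host)
    return out


def realm_stanza(realm, kdc=(), primary_kdc=None, admin_server=(), kpasswd_server=()):
    """Render the realm settings as an MIT krb5.conf [realms] stanza."""
    if not _NAME.fullmatch(realm):
        raise ValueError(f"Realm: {realm!r} is not a domain-style name")
    relations = [("kdc", h) for h in _hosts("KDC", kdc)]
    if primary_kdc:
        relations += [("primary_kdc", h) for h in _hosts("Primary KDC", [primary_kdc])]
    relations += [("admin_server", h) for h in _hosts("Admin Server", admin_server)]
    relations += [("kpasswd_server", h) for h in _hosts("Password Server", kpasswd_server)]
    body = [f"        {key} = {value}" for key, value in relations]
    return "\n".join(["[realms]", f"    {realm} = {{", *body, "    }"])


if __name__ == "__main__":
    # Constructed sample values; the host names are the ones used in the table.
    print(realm_stanza("EXAMPLE.COM", kdc=["kdc1.example.com", "kdc2.example.com"],
                       primary_kdc="kdc1.example.com",
                       admin_server=["kdc1.example.com"],
                       kpasswd_server=["kdc1.example.com"]))
```
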