Kerberos Keytab Screens
3 minute read.
Kerberos is a computer network security protocol. It authenticates service requests between trusted hosts across an untrusted network (i.e., the Internet).Kerberos is extremely complex. Only system administrators experienced with configuring Kerberos should attempt it. Misconfiguring Kerberos settings, realms, and keytabs can have a system-wide impact beyond Active Directory or LDAP, and can result in system outages. Do not attempt configure or make changes if you do not know what you are doing!
If you configure Active Directory, TrueNAS populates the realm fields and the keytab with what it discovers in AD. You can configure LDAP to communicate with other LDAP severs using Kerberos, or NFS if it is properly configured, but TrueNAS does not automatically add the realm or key tab for these services.
After AD populates the Kerberos realm and keytabs, do not make changes. Consult with your IT or network services department, or those responsible for the Kerberos deployment in your network environment for help. For more information on Kerberos settings refer to the MIT Kerberos Documentation.
The Kerberos Keytab widget in the Advanced Settings on the Directory Services screen displays added keytabs.
Add opens the Add Kerberos Keytab configuration screen.
Sync synchronizes Kerberos keytabs with Active Directory. This button only appears when the system is joined to Active Directory. Click Sync to open the synchronization confirmation dialog.
Click on any keytab instance to open the Edit Kerberos Keytab screen.
The Kerberos Keytab widget header opens the Kerberos Keytabs screen.
The Kerberos Keytabs screen displays a list view of keytabs configured on your TrueNAS system.
Actions includes options to Add a new keytab or Sync keytabs with Active Directory:
Add opens the Add Kerberos Keytab screen.
Sync synchronizes Kerberos keytabs with Active Directory. This button only appears when the system is joined to Active Directory. Click Sync to open the synchronization confirmation dialog.
The button opens the actions options for the selected keytab. Options are Edit which opens the Edit Kerberos Keytab screen for the selected keytab, and Delete that opens a delete confirmation dialog.
The settings found on the Add Kerberos Keytab and Edit Kerberos Keytab screens are the same.
Kerberos is extremely complex. Only system administrators experienced with configuring Kerberos should attempt it. Misconfiguring Kerberos settings, realms, and keytabs can have a system-wide impact beyond Active Directory or LDAP, and can result in system outages. Do not attempt configure or make changes if you do not know what you are doing!
| Setting | Description |
|---|---|
| Name | Enter a name for this Keytab. If configured, TrueNAS populates this field with what it detects in Active Directory. |
| Kerberos Keytab | Browse to the keytab file to upload. |