Kerberos
Kerberos is different from other authentication methods. Instead of letting authentication take place between each client host and each server, Kerberos uses symmetrical encryption, the key distribution center (KDC, Key Distribution Center) to authenticate users on a network.
During the authentication process, the Stormshield Network firewall acts as a client which requests authentication on behalf of the user. This means that even if the user has already authenticated with the KDC to open his Windows session, for example, it is still necessary to re-authenticate with this server even if connection information is the same, in order to pass through the Firewall.
After having selected your authentication method from the left column, you may enter information about it in the right column, which sets out the following elements:
| Domain name (FQDN) | Domain name assigned to the Active Directory server for the Kerberos authentication method. Defining this domain name allows masking the server’s IP address and simplifying the search for it. Example: www.company.com: company.com represents the domain name, which is more legible than its corresponding IP address: 91.212.116.100. |
Access to the server
| Server | IP address of the server for the Kerberos authentication method (Active Directory for example) |
| Port | Port used by the server. By default, the port 88 / UDP named Kerberos_udp is selected. |
Backup server
| Server | Backup IP address of the Active Directory server for the Kerberos authentication method |
| Port | Port used by the backup server if the main server is no longer available. By default, the port 88 / UDP named Kerberos_udp is selected. |