Kerberos Authentication
2017 R1 Update Rollup 1

Kerberos AuthenticationPermanent link for this heading

Configuration of Mozilla FirefoxPermanent link for this heading

No Proxy ServerPermanent link for this heading

No proxy server may be used. On the “Edit” menu, click “Properties”. On the “General” tab, click “Connection Settings” and select the Direct connection to the Internet box.

Security SettingsPermanent link for this heading

Enable the negotiate authentication for the Linux server running the Fabasoft Folio Management Service. Type the “about:config” command in the address bar of the web browser. Modify the parameters network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris and add the Linux server.

URLPermanent link for this heading

It is mandatory that a fully qualified domain name is provided to connect to the service. By default the Linux Fabasoft Folio Management Service listens on port 17088.

Example:

http://fsclnx.sub.comp.com:17088

Configuration of Microsoft Internet ExplorerPermanent link for this heading

No Proxy ServerPermanent link for this heading

No proxy server may be used. On the “Tools” menu click “Internet Options”. On the “Connections” tab click “LAN Settings” and clear the Use a proxy server for your LAN check box.

Security SettingsPermanent link for this heading

Put the Linux server running the Fabasoft Folio Management Service in the “Local intranet” or “Trusted sites” zone. On the “Tools” menu click “Internet Options”. On the “Security” tab click “LAN Settings” and select the desired zone and add the server (“Sites” button).

If the server is added to the local intranet, the default security setting Automatic logon only in Intranet zone for that zone is appropriate.

If the server is added to the trusted sites, the Automatic logon with current username and password security setting has to be selected.

Additionally, the integrated Windows authentication has to be enabled. On the “Tools” menu select “Internet Options”. On the “Advanced” tab select the Enable Integrated Windows Authentication (requires restart) check box.

URLPermanent link for this heading

It is mandatory that a fully qualified domain name is provided to connect to the Fabasoft Folio Management Service. By default the Fabasoft Folio Management Service listens on port 17088.

Example:

http://fsclnx.sub.comp.com:17088

Kerberos TicketsPermanent link for this heading

The user, who should administer the Fabasoft Folio Domain via the Fabasoft Folio Web Management, must have a valid Kerberos ticket.

If the Fabasoft Folio Web Management runs on a Microsoft Windows system, log in as a Microsoft Windows domain user, who has administrative rights on the Fabasoft Folio Domain. The Kerberos ticket is provided automatically.

If the Fabasoft Folio Web Management runs on a Linux system, the Kerberos ticket is also provided automatically if a LDAP and KDC environment is available. To get a ticket for a specific user (e.g. Microsoft Windows domain user) manually execute the kinit <user> command. To verify the ticket use the klist command.