Configure Kerberos User Authentication in Kerio Connect Virtual Appliance

Overview

Kerio Connect User Authentication can be configured using Kerberos. The set up in Virtual Appliance requires advanced configuration both on the Kerio Connect side and Active Directory server.

Process

Setting up Kerberos User Authentication Against Active Directory

Install the Kerberos 5 packages:

apt-get updateapt-get install krb5-config krb5-user

For Kerio Connect 8.5 and older, install the following packages:
```
apt-get install krb5-clients krb5-config krb5-user
```
In the Kerberos 5 configuration wizard, configure the Kerberos realm and domain server hostname.
Add a new computer to your Active Directory. Use the same hostname as defined in the appliance (run hostname -f to display the hostname). If you set up a wrong hostname, change the following configuration files:

/etc/hostname and /etc/hosts
Add the Service Principal Name for the computer to the Kerberos database.
Run the following command on your Windows Active Directory (master):
```
setspn.exe -R hostname
```

Back to top

Verification

Run the following command on your Kerio Connect console:

kinit -S host/<hostname_domain.com>@<DOMAIN.COM>

Where <hostname_domain.com> is the appliance hostname that corresponds to the computer name in the Active Directory, and <DOMAIN.COM> is the Kerberos realm that is in use by your Active Directory.

The command throws a Kerberos error if the mail server machine is not properly joined.

Back to top

Using Kerio Connect Virtual Appliance

Choose files or drag and drop files

Tags:

Was this article helpful?

Yes

Priyanka Bhotika
Posted
Updated

Comments

Please sign in to comment