Skip to main content
System Manager Classic

Manage Kerberos interface services with System Manager - ONTAP 9.7 and earlier

Contributors netapp-aoife

You can use ONTAP System Manager classic (available in ONTAP 9.7 and earlier) to manage Kerberos interface services.

Edit Kerberos configuration

You can use System Manager to enable Kerberos and to edit a Kerberos configuration that is associated with a storage virtual machine (SVM),which enables the SVM to use Kerberos security services for NFS.

Before you begin
  • You must have at least one Kerberos realm configured at the SVM level.

  • You must have a minimum of two data LIFs on the SVM.

    One data LIF is used by the Service Principal Name (SPN) for both the UNIX and CIFS-related Kerberos traffic. The other data LIF is used for accessing non-Kerberos traffic.

    Note

    A CIFS server is not required for basic NFS Kerberos access. A CIFS server is required for multiprotocol access or when using Active Directory as an LDAP server for name mapping purposes.

About this task

If you are using Microsoft Active Directory Kerberos, the first 15 characters of any SPNs that are used in the domain must be unique. Microsoft Active Directory has a limitation for SPNs of 15 characters maximum and does not allow duplicate SPNs.

Steps
  1. Click Storage > SVMs.

  2. Select the SVM, and then click SVM Settings.

  3. In the Services pane, click Kerberos Interface.

  4. In the Kerberos Interface window, select the interface, and then click Edit.

  5. In the Edit Kerberos Configuration dialog box, make the required changes, and then click OK.

Kerberos Interface window

You can use the Kerberos Interface window to enable Kerberos and to edit the Kerberos configuration for storage virtual machines (SVMs).

Command buttons

  • Edit

    Opens the Edit Kerberos Configuration dialog box, which you can use to enable Kerberos and to edit the Kerberos configuration associated with the SVM.

  • Refresh

    Updates the information in the window.

Kerberos Interface list

Provides details about the Kerberos configuration.

  • Interface Name

    Specifies the logical interfaces associated with the Kerberos configuration for SVMs.

  • Service Principal Name

    Specifies the Service Principal Name (SPN) that matches the Kerberos configuration.

  • Realm

    Specifies the name of the Kerberos realm associated with the Kerberos configuration.

  • Kerberos Status

    Specifies whether Kerberos is enabled.

Related information