Editing Kerberos configuration

Contributors netapp-ivanad

You can use System Manager to enable Kerberos and to edit a Kerberos configuration that is associated with a storage virtual machine (SVM),which enables the SVM to use Kerberos security services for NFS.

Before you begin
  • You must have at least one Kerberos realm configured at the SVM level.

  • You must have a minimum of two data LIFs on the SVM.

    One data LIF is used by the Service Principal Name (SPN) for both the UNIX and CIFS-related Kerberos traffic. The other data LIF is used for accessing non-Kerberos traffic.

    Note

    A CIFS server is not required for basic NFS Kerberos access. A CIFS server is required for multiprotocol access or when using Active Directory as an LDAP server for name mapping purposes.

About this task

If you are using Microsoft Active Directory Kerberos, the first 15 characters of any SPNs that are used in the domain must be unique. Microsoft Active Directory has a limitation for SPNs of 15 characters maximum and does not allow duplicate SPNs.

Steps
  1. Click Storage > SVMs.

  2. Select the SVM, and then click SVM Settings.

  3. In the Services pane, click Kerberos Interface.

  4. In the Kerberos Interface window, select the interface, and then click Edit.

  5. In the Edit Kerberos Configuration dialog box, make the required changes, and then click OK.

Related information