Kerberos Configuration Example: Trust Relationship on Linux Server


Kerberos Configuration Example: Trust Relationship on Linux Server

Kerberos support in Linux is provided by both the MIT Kerberos package or Heimdal package. Use the appropriate version available with your distribution. The Kerberos configuration file is in /etc/krb5.conf. A sample configuration file is provided below. Only the text in blue is the Zscaler- specific configuration. It is assumed that Kerberos authentication has been configured and is operational.

Ensure that you are already logged in by running the klist command:

If no tickets are found, run the kinit command:

Validate the Configuration

Validate the Configuration

Configure Firefox

Do the following:

  • In the address bar of Firefox, type about:config to display the advanced configuration options.
  • In the Filter field, type negotiate to narrow down the list.
  • Set the following fields to the respective values:
  • network.negotiate-auth.trusted-uris: gateway.zscalerbeta.net, .gateway.zscalerbeta.net

If authentication fails, open a terminal and execute the following commands:

	user@linux~$ export NSPR_LOG_MODULES=negotiateauth:5 
	user@linux~$ export NSPR_LOG_FILE=/tmp/firefox-dbug.log 
	user@linux~$ firefox

The file /tmp/firefox-dbug.log contains the trace of events that might be useful when investigating issues.