Kerberos support in Linux is provided by both the MIT Kerberos package or Heimdal package. Use the appropriate version available with your distribution. The Kerberos configuration file is in /etc/krb5.conf. A sample configuration file is provided below. Only the text in blue is the Zscaler-specific configuration. It is assumed that Kerberos authentication has been configured and is operational.

Ensure that you are already logged in by running the klist command:

If no tickets are found, run the kinit command:

Validate the Configuration

Configure Firefox

To configure Firefox, do the following:

1. In the address bar of Firefox, enter about:config to display the advanced configuration options.
2. In the Filter field, type negotiate to narrow down the list.
3. Set the following field to the respective values:

network.negotiate-auth.trusted-uris: gateway.zscalerbeta.net, .gateway.zscalerbeta.net

If authentication fails, open a terminal and execute the following commands:

	user@linux~$ export NSPR_LOG_MODULES=negotiateauth:5 
	user@linux~$ export NSPR_LOG_FILE=/tmp/firefox-dbug.log 
	user@linux~$ firefox

The file /tmp/firefox-dbug.log contains the trace of events that might be useful when investigating issues.

Troubleshooting

To troubleshoot your Kerberos configuration, see Troubleshooting Kerberos and ZIA Public Service Edge Error Codes for Kerberos.