Obtaining a keytab file, Configuring and activating kerberos support, Search by an authorized user – Google Search Appliance Managing Search for Controlled-Access Content User Manual
Page 64: Kerberos authentication
Obtaining a keytab File
Before configuring and activating Kerberos support, Tanya must obtain a Kerberos Service Key Table
(keytab) file from the domain controller.
Tanya performs the following actions:
1. Tanya requests a keytab file for the search appliance from Ashish, the Windows system administrator.
2. Ashish sends Tanya a keytab file named searchappliance.keytab.
3. Tanya saves the keytab file on her Desktop.
Configuring and Activating Kerberos Support
Now, Tanya needs to configure the search appliance to check for a user’s session ticket during serve.
She also needs to activate Kerberos support:
1. Tanya opens Serving > Universal Login Auth Mechanisms > Kerberos.
2. Under Specify a Kerberos Key Distribution Center (KDC) / Windows Domain Controller (DC), Tanya enters hal.alphalyon.com in the Kerberos KDC Hostname box, and clicks Save Kerberos KDC Hostname to save the change.
3. Under Import a Kerberos Service Key Table (“keytab”) File, Tanya clicks Browse and navigates to her Desktop folder.
4. She selects the keytab file, searchappliance.keytab, and clicks OK to upload the Kerberos key table file to the search appliance.
5. She clicks Import Kerberos Keytab File to save the change.
6. In the section labeled Activate IWA (Integrated Windows Authentication) / Kerberos Authentication, she clicks Enable Kerberos support, and clicks Save. Because she is configuring Kerberos support for the Default credential group, she does not need to select a credential group from the pull-down menu.
Now that the search appliance is configured to use Kerberos authentication, any time a user requests
secure content, the search appliance attempts to authenticate with the user’s Kerberos session key. No
additional setup is needed for secure serve.
Serving Controlled-Access Content to the User as Secure Content with Kerberos Authentication
AlphaLyon now has public and secure search results available on the search appliance, and the search
appliance is able to authenticate users against a Windows Domain Controller.
Search by an Authorized User
Salim is looking for a detailed report that discusses sales figures for the new “AlphaLyon Product”
release. Salim opens the search page in a web browser and enters a query for “AlphaLyon Product fall
sales report”.