Kerberos authentication settings

Note

• Kerberos authentication functionality is enabled by default.
• If enabled, Kerberos is used in RDP sessions authentication against the server and the Active Directory external authentication method.
• The Active Directory external authentication method uses the Kerberos protocol as the first step.
• If Active Directory authentication is successfully completed using Kerberos, the configured certificate will not be applied, as it is only utilized when a fallback to LDAP is required.

Disable Kerberos authentication

To disable the Kerberos authentication option globally, select Settings > Authentication, go to Global tab, and deselect Kerberos authentication enabled option in the Kerberos section.

Add KDC Servers

Fudo Enterprise supports configuring Key Distribution Servers (KDC) and mapping domains to KDC servers.

To add a KCDC server:

1. Select Settings > Authentication > Global tab.
2. Go to Kerberos section.
3. Click Add server.

4. Provide the fully qualified domain name (FQDN) in the Domain field (e.g., fudo.com, .fudo.com).
5. Provide the KDC server address in the Address field (e.g., 192.168.1.1, foo.bar, tcp/foo.bar, udp/192.168.1.1:88).

Related topics:

• User authentication methods and modes
• OpenID Connect authentication definition with Microsoft Entra (Azure)
• System overview
• Integration with CERB server