Endpoint Tab

Use this tab to register or view the properties of a Kerberos endpoint.

The fields in this tab are listed below:

Endpoint Name

Specifies the name of the Kerberos endpoint.

Size/Type: 1 to 100 characters

This is a required field.

Comments

User-supplied description field.

Size/Type: 1 to 128 characters

Host

Specifies the host name or IP address of the server where the Kerberos Server is deployed.

Size/Type: 1 to 100 alphanumeric characters.

This is a required field.

Note: This host may be used by multiple KRB endpoints managing multiple Kerberos realms.

Port

Specifies the port number the server listens on. If this field is left blank, the default port is used. If a value is specified, it is passed to the kadmin command.

Realm

Specifies the Kerberos realm to be managed.

Size/Type: 1 to 100 alphanumeric characters.

This is a required field.

Note: The same naming rules that apply to principals also apply to Kerberos realms.

Authentication Method Security Controls

Use these controls to specify the authentication method. When the Keytab option is selected, the Keytab and Principal fields are enabled. When the Principal option is selected, the Principal and Password fields are enabled.

Keytab

Specifies the fully qualified keytab filename. If this field is left blank, the connector uses the default keytab. On Solaris the default keytab file is:

/etc/krb5/krb5.keytab

Principal

Specifies the principal to authenticate with. If you use the keytab option, the principal's encrypted password must be in the keytab file.

If you use the keytab option and you leave this field blank, the host principal of the host where the Java CS is deployed, host/localhostname@REALM, will be used to authenticate using its key from the keytab. When the principal is specified, its key from the keytab will be used to authenticate.

Note: If you use the keytab option and add a principal to a keytab file using the ktadd command of kadmin, the principal's password is randomized. Any other KRB directory that authenticates as the same principal by specifying its password then stops working, because that password is no longer correct.

This is a required field when using the password option.

Size/Type: 1 to 128 alphanumeric characters.

Note: The naming rules should follow principal naming rules.

Password

Specifies the password for the principal.

Confirm Password

Confirms the password.

SSH Server

Specifies the name of the computer running the SSH service that the connector will connect to. This host must be a member of the Kerberos realm. The SSH service must be enabled on the host.

SSH User

Specifies the account that the connector will use to log in to the SSH server.

SSH Private Key File

Specifies the file that contains the private key of the SSH user, as an absolute or relative path. The private key file must be located on the computer running the JCS. The file must be in either PEM or OpenSSH format, and it can use a DSA or RSA signature. You can generate the key using any standard tool, including ssh-keygen and PuTTYgen.

SSH Passphrase

Specifies the passphrase that protects the private key. We recommend that you use a passphrase, but if there is no passphrase, leave this field blank.
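A way to check a key file against the format, key type and passphrase points above before entering its path, as an added example that is not part of the product or its documentation. All function names are hypothetical, the sample key text is constructed and non-functional, and PKCS#8 containers are reported as not handled rather than parsed.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
PEM_LABELS = {"RSA PRIVATE KEY": "RSA", "DSA PRIVATE KEY": "DSA"}
SSH_TYPES = {b"ssh-rsa": "RSA", b"ssh-dss": "DSA"}

def _pack(b):  # SSH wire-format string: uint32 length, then the bytes
    return struct.pack(">I", len(b)) + b

def _read(buf, off):  # decode one wire-format string; return (bytes, next offset)
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def inspect_key(text):
    """Return (file format, key type, passphrase protected?) for key text."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("no PEM-style BEGIN line")
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if label in PEM_LABELS:
        # Traditional PEM announces encryption in a Proc-Type header line.
        return "PEM", PEM_LABELS[label], "Proc-Type: 4,ENCRYPTED" in lines
    if label != "OPENSSH PRIVATE KEY":
        raise ValueError("container not handled by this check: " + label)
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad OpenSSH key magic")
    cipher, off = _read(blob, len(MAGIC))
    off = _read(blob, _read(blob, off)[1])[1]  # skip kdfname and kdfoptions
    pub, _ = _read(blob, off + 4)  # skip uint32 key count, read public key blob
    ktype, _ = _read(pub, 0)  # the public blob starts with the key type name
    if ktype not in SSH_TYPES:
        raise ValueError("key type is not RSA or DSA: " + ktype.decode())
    return "OpenSSH", SSH_TYPES[ktype], cipher != b"none"

def field_problems(text):
    """List reasons the key text would not suit the SSH Private Key File field."""
    try:
        _fmt, _ktype, protected = inspect_key(text)
    except (ValueError, struct.error) as exc:
        return [str(exc)]
    return [] if protected else ["private key has no passphrase"]

def sample_openssh(cipher=b"aes256-ctr", ktype=b"ssh-rsa"):
    """Constructed, non-functional key text: valid OpenSSH header fields only."""
    blob = MAGIC + _pack(cipher) + _pack(b"none" if cipher == b"none" else b"bcrypt")
    blob += _pack(b"") + struct.pack(">I", 1) + _pack(_pack(ktype)) + _pack(b"")
    body = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % body
```

An empty list from `field_problems` means the file is PEM or OpenSSH, RSA or DSA, and passphrase-protected; the check never decrypts the key or needs the passphrase.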

Explore Timeout

Specifies the time that the Provisioning server waits for a response from the remote server before generating an error for the Explore and Correlate operation.

Default Value: 3600 seconds or 1 hour

Default Account Template

Specifies the default account template of the endpoint. The default account template is used to create new accounts on the endpoint. Click the Browse button to search and add account templates.