Skip to content

Kerberos

Overview

PPA tasks can use Kerberos authentication when connecting to Windows servers.

Kerberos may be required in scenarios where Powershell scripts need to:

  • Invoke Powershell sessions on other domain servers
  • Run Powershell cmdlets against other servers

Configuration

Prerequisites

You will need:

  • An Active Directory domain controller
  • A set of credentials to generate a kerberos ticket with

The permissions granted to the credentials you use will be mirrored in the Kerberos ticket.

Ensure the credentials you use have permission to do what your tasks need to do.

Kerberos Details

You can set up Kerberos on the Configuration page in the Integrations area.

Default Roles

The Kerberos form fields are explained underneath.

Default Roles

Host & Port

The domain controller IP/DNS address & KDC port.

The KDC port is optional, if you do not supply it 88 will be used by default.

Realm

The FQDN of the Active Directory domain.

Username

The username of the Active Directory account you wish to grant the ticket for.

Password

The password of the Active Directory account you wish to grant the ticket for.

Advanced

PPA auto-generates a base Kerberos configuration when the form is successfully saved.

You can edit this configuration if required, but most use cases do not require this.