Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SECURE ACCESS DEVICES GUIDE REV 01 Manual page 237

Table 59: Configuring Basic, NTLM, and Kerberos Resources (continued)
Options
KDC
General > Kerberos > Constrained Delegation > Constrained Delegation > New Constrained Delegation
Label
Realm
Principal Account
Password
Service List
General > Kerberos > Constrained Delegation > Constrained Delegation Services List > New Constrained Delegation
Service List
Id
Name
Services
General > Kerberos > Kerberos Intermediation > Kerberos Intermediation > New Kerberos Intermediation
Label
Realm
Credential Type
Username
Password
Variable Password
Copyright © 2010, Juniper Networks, Inc.
Your Action
Enter the hostname or IP address of the KDCs if DNS is unavailable or if you want
the device to contact a specific KDC for tickets. If you enter a KDC, the device does
not use DNS to obtain the list of KDCs based on the values entered in the Site Name
and Realm boxes.
Enter a name to uniquely identify the constrained delegation. No external mapping
is made to the label value.
Select the realm to use. The drop-down list is populated by values in the Realm box.
Enter the constrained delegation account. The device obtains the constrained
delegation tickets with the value you enter on behalf of the user.
Enter the constrained delegation account password.
Select the service list to use. The list should be an exact match with the service list
in Active Directory if you want the device to perform constrained delegation for all
the services. Hostnames must be an exact match.
Enter a unique identification number for the constrained delegation service list.
Enter a name for the constrained delegation service list.
Enter the service list name.
Enter a name to uniquely identify the Kerberos Intermediation. No external mapping
is made to the label value.
Select the realm to use. The drop-down list is populated by values in the Realm box.
Select one of the following options from the drop-down list:
System—Specifies the set of user credentials, such as primary and secondary
authorization credentials, stored in the device. If you select this option, you do not
need to enter the username and password.
Variable—Allows tokens such as username and password to be used in the
Username and Password boxes.
Static—Specifies the username and password exactly as they are entered in the
Username and Password boxes.
Enter the account username.
Enter the account password.
Enter the password token if you select Variable as the credential type.
Chapter 14: Configuring Single Sign-On
219