Verifying Kerberos configuration

To verify the Keberos constrained delegation (KCD) setup, use the following CLI command:

debug sentry kerberos request-ticket

The CLI command issues a Kerberos ticket for a particular user. These tickets are issued for testing and debugging only and are not cached or reused.

Table 52.   Verifying Kerberos configuration

Feature

Command

Request a kerberos ticket on behalf of a user with a host:port combination

debug sentry kerberos request-ticket host-port <upn> <realm> <hostname> [port]

upn: user's UPN

realm: user's REALM

hostname: backend server's hostname

port:: backend server’s port

The default value for port is 443.

Request a kerberos ticket on behalf of a user with an SPN

debug sentry kerberos request-ticket spn <upn> <realm> <spn>

upn: user's UPN

realm: user's REALM

spn: service principal name