Verifying Kerberos configuration
To verify the Keberos constrained delegation (KCD) setup, use the following CLI command:
debug sentry kerberos request-ticket
The CLI command issues a Kerberos ticket for a particular user. These tickets are issued for testing and debugging only and are not cached or reused.
|
Feature |
Command |
|
Request a kerberos ticket on behalf of a user with a host:port combination |
debug sentry kerberos request-ticket host-port <upn> <realm> <hostname> [port] •upn: user's UPN •realm: user's REALM •hostname: backend server's hostname •port:: backend server’s port The default value for port is 443. |
|
Request a kerberos ticket on behalf of a user with an SPN |
debug sentry kerberos request-ticket spn <upn> <realm> <spn> •upn: user's UPN •realm: user's REALM •spn: service principal name |