Automatically Obtain Kerberos Passwords
-
- Last UpdatedMar 14, 2025
- 2 minute read
This procedure describes how to configure access to the domain controller in order to extract Kerberos keys of machine accounts. To perform this procedure, you need to know the credentials of a user with admin permissions for the active directory.
To configure SecureSphere to access the domain controller:
- On the Kerberos tab, enable the Using Kerberos option.
- Fill in the fields for the Automatically obtain passwords from domain controller option.
- IP: Enter the IP address of your Windows domain controller.
- User: Enter the domain and name of a user with admin permissions for the active directory.
- Password: Type the password for the user.
- Verify Password: Retype the password.
- Click Save. Do one or both of the following:
- To immediately extract Kerberos keys from the domain controller, click Run Now.
- To schedule Kerberos key extraction, expand the Not Scheduled link.
- To schedule one extraction, select Once and then select the date and the time.
- To schedule recurring extractions, select Recurring and then select the frequency (Daily, Weekly, or Monthly), the start date, and the time.
- Click Save in the upper right of the screen. Your settings are saved.
- (Recommended) After you configure Kerberos, disable the Automatic Machine Account Password Changes Windows feature. For more information, see (Recommended) Disabling Automatic Machine Account Password Change.
Note: When SecureSphere successfully obtains Kerberos keys from the domain controller, the keys are added to the Kerberos Keys table. For more information, see Managing Kerberos Keys.