Kerberos Settings

Jamf Connect Documentation

Solution
Application: Jamf Connect
Content Type: Technical Documentation
Utilities & Services
ft:locale: en-US

Domain —com.jamf.connect
Dictionary —Kerberos
Description —
Used to integrate Self Service+ with a Kerberos realm for password syncing


Setting	Description
Kerberos Realm `Realm`	Specifies the Kerberos realm used to get Kerberos tickets. Your Kerberos realm should be written in all caps. `<key>Realm</key> <string>YOURCOMPANY.NET</string>`
Renew Kerberos Tickets `AutoRenewTickets`	Determines if the Kerberos tickets should be renewed. `<key>AutoRenewTickets</key> <false/>`
Cache Tickets On Network Change `CacheTicketsOnNetworkChange`	Determines whether a user's Kerberos tickets are cached or destroyed when a network status changes on computers. When enabled (set to `true`), computers will cache Kerberos tickets when a network change occurs. By default, this setting is disabled (set to `false`) and Kerberos tickets are destroyed during a network change. `<key>CacheTicketsOnNetworkChange</key> <false/>`
Custom Short Name `ShortName`	A custom short name to use to obtain Kerberos tickets. Jamf Pro Computer Variables are supported for this field and can be used to populate with attribute values stored in Jamf Pro. `<key>ShortName</key> <string>Joel</string>`
Short Name Attribute `ShortNameAttribute`	The ID token attribute to use as a short name. If unspecified, the `ShortName` value will be used. If no values are found for `ShortNameAttribute` or `ShortName` and the `AskForShortName` setting is enabled (set to true), the user will be prompted to enter their short name. Note: Short Name Attribute cannot be used to specify the short name if MFA is enabled. If Okta is your IdP, you must also have the Client ID (`ROPGID`) and Tenant ID (`TenantID`) preference keys configured for Self Service+ to use the short name specified by `ShortNameAttribute`. `<key>ShortNameAttribute</key> <string>attribute</string>`
Ask for Short Name `AskForShortName`	Determines if the user is asked to enter their Kerberos short name upon first sign in. `<key>AskForShortName</key> <false/>`
Ask for Short Name Message `AskForShortNameMessage`	Specifies the message displayed to users when requesting their Kerberos short name. `<key>AskForShortNameMessage</key> <string>Enter your Active Directory username.</string>`
Kerberos Timeout `Timeout`	Sets a delay in seconds between obtaining a network connection and attempting to obtain a Kerberos ticket. Valid values are integers between 1 and 60. If unset, default value is 5. `PasswordChangeWorkflow` must be set to Kerberos for this option to be used. `<key>Timeout</key> <integer>30</integer>`