6.8.5 Kerberos Tab (Security Properties Dialog Box)

Kerberos is a protocol that uses a trusted third party to enable secure communications over a TCP/IP network. The protocol uses encrypted tickets rather than plain-text passwords for secure network authentication and also supports encryption of the data stream.

You will not see this tab if your Micro Focus does not support Kerberos authentication.

The options are:

Reflection Kerberos

Enables Kerberos authentication. You must select this check box before you can set other items.


Specifies the principal for which you want to obtain Kerberos credentials. A full principal name includes both the principal name and the realm name, in the format <principal>@<realm name>.


Specifies the realm portion of the full principal name. This list contains all the realms that have been configured on your computer.

User ID

By default your client session logs into the host using your principal name for your User Name (or User ID). Change the value for User ID if you want to log into your host with a user name that is different from your principal name.

Mutual Authentication

Select this check box if, in addition to authenticating this principal to a service that requires Kerberos authentication, you want the service to authenticate itself to the principal in return.

Encrypt Data Stream

Select this check box to encrypt the data transmitted between the host and the Kerberos client. When this check box is clear, the authentication (login) process is encrypted, but not subsequent data transmission. Enabling data stream encryption will decrease transmission speed.

CAUTION:Caution for Reflection X sessions: When Encrypt data streamis selected, the initial authentication and commands sent via the Telnet connection are encrypted, but the X11 protocol data stream is not encrypted.

Verify Data Integrity

Select this check box to verify the integrity of data transmitted between the host and the Kerberos client.

This is only available from the FTP Client. You must select the Reflection Kerberos and Mutual authentication check boxes to enable this feature. Verify data integrity is not available for Telnet connections.

Forward Ticket

Enables forwarding of Ticket Granting Tickets (TGT). Ticket forwarding allows you to forward your TGT to another host and get service tickets for additional services without having to repeat the authentication process with the KDC. Tickets that have been forwarded may be forwarded again. You must have Mutual authentication enabled to enable ticket forwarding.

Kerberos Manager

Opens the Kerberos Manager. If the Kerberos Manager is not installed, this button opens the Reflection Kerberos Initial Configuration dialog box.

Renewable ticket (Days, Hours, Minutes)

Ticket granting tickets (TGT) are renewable for the time specified. Click Renew to renew your ticket for the specified interval. When no time interval is given, tickets are not renewable.


Renews your current ticket for the period of time specified in Days, Hours, and Minutes. Your ticket must still be valid when you use this button.