addaaakcdaccount

Use this method to add a Kerberos constrained delegation account.

Syntax



Parameters

kcdaccount

The name of the KCD account.
This is a mandatory parameter.

keytab

The path to the keytab file. If specified, the other parameters in this method need not be given.

realmstr

Kerberos Realm.

delegateduser

Username that can perform Kerberos constrained delegation.

kcdpassword

Password for Delegated User.

usercert

SSL Cert (including private key) for Delegated User.

cacert

CA Cert for UserCert or when doing PKINIT backchannel.

userrealm

Realm of the user.

enterpriserealm

Enterprise Realm of the user. This should be given only in certain KDC deployments where the KDC expects the Enterprise username instead of the Principal Name.

servicespn

Service SPN. When specified, this will be used to fetch Kerberos tickets. If not specified, Citrix ADC will construct the SPN using the service FQDN.

saltexpression

Salt expression used by Kerberos impersonation. When configured, this expression will be used for key derivation with AES-128 or AES-256 encryption types. For RC4 encryption, the salt is not used. If the salt expression is not set, the default behavior is to derive the salt value from the Kerberos principal.
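The following added example (not Citrix code and not part of the original reference) shows why the salt matters for the AES encryption types: in the standard Kerberos AES string-to-key (RFC 3962) the salt enters at the PBKDF2-HMAC-SHA1 stage, so a salt that differs from the one the KDC used yields a different key from the same password. Only that salted stage is computed here (the final key-derivation step does not use the salt), and the realm, account names and password are constructed sample values.

```python
import hashlib

ITERATIONS = 4096  # RFC 3962 default when no iteration count is supplied


def default_salt(realm: str, principal: str) -> bytes:
    """Principal-derived salt: realm, then the name components with no separator."""
    return (realm + principal.replace("/", "")).encode("utf-8")


def pbkdf2_stage(password: str, salt: bytes, key_bytes: int) -> bytes:
    """Salted stage of the AES string-to-key (PBKDF2-HMAC-SHA1)."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt,
                               ITERATIONS, dklen=key_bytes)


def compare_salts(password: str, local_salt: bytes, kdc_salt: bytes) -> dict:
    """Per AES enctype: do both sides derive the same key material?"""
    result = {}
    for name, size in (("aes128", 16), ("aes256", 32)):
        result[name] = (pbkdf2_stage(password, local_salt, size)
                        == pbkdf2_stage(password, kdc_salt, size))
    return result


# Constructed sample values, not taken from any real deployment.
REALM = "EXAMPLE.COM"
PASSWORD = "constructed-sample-password"
LOCAL_SALT = default_salt(REALM, "svc_kcd")
# Assumption for illustration: the KDC's key was salted with a different name.
KDC_SALT = default_salt(REALM, "svc_kcd_old")

if __name__ == "__main__":
    print("default salt :", LOCAL_SALT.decode())
    print("KDC salt     :", KDC_SALT.decode())
    print("keys agree   :", compare_salts(PASSWORD, LOCAL_SALT, KDC_SALT))
    print("after fixing :", compare_salts(PASSWORD, KDC_SALT, KDC_SALT))
```

When the two salts differ, both AES results are False even though the password is identical, which is the situation a configured salt expression is meant to correct.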

Return Value

Returns simpleResult

See Also