Kerberos Usernames and Login Methods in Hearst

Article #:

Product:

Version:

 

All

Hearst onwards

Summary:

Changes in the Hearst release affect how Kerberos-based usernames and login methods are displayed and processed.

Note: If prior to the Hearst release, you had Normalize usernames enabled (see https://help.smoothwall.net/Latest/Content/modules/auth/cgi-bin/auth/settings.htm), this article does not apply.

Changes to the Kerberos Usernames

The Hearst release affects customers that use the Kerberos authentication method (see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/filteringpolicywiz.htm), and do not have usernames normalized.

Prior to the Hearst release, Kerberos usernames were processed and presented in their non-normalized format as username@domain.tld, for example, jo.bloggs@mydomain.com.

From Hearst, Kerberos usernames will be processed and presented in the normalized format of DOMAIN\username, regardless of whether Normalize usernames is enabled.

How will this affect you?

Usernames now displayed in the normalized format in the User activity page
Report data from before the Hearst upgrade will not be adjusted to reflect the username changes
User-based Guardian web filtering policies may not apply

Action Needed:

When running reports with a date range that is for, or contains, the pre-Hearst upgrade period, you must enter both forms of the username to see the full activity for that user
Any user-based Guardian web filtering policies must be adjusted to account for the normalized username
If you make use of a combination of NTLM and Kerberos authentication methods, it is recommended you enable the Normalize usernames parameter to ensure usernames are presented consistently

Changes to the Displayed Login Method in User Activity

From Hearst onwards, the login URL that the Kerberos login script uses has been extended to support NTLM.

Users logging in via the login script are now shown in the User activity page with a Method of Negotiate Login rather than Kerberos Login (see https://help.smoothwall.net/Latest/Content/modules/auth/cgi-bin/auth/useractivity.htm).

Attribution:

Last updated:

Author:

Contributions by:

26th September 2016

Samantha Nair

 

 

Copyright © 2000-2016 Smoothwall All rights reserved.