ScaleArc Settings for Kerberos

The following chart provides an overview of the ScaleArc settings and their relationship in a Kerberized cluster.

Cluster status

Is ScaleArc joined as a machine in AD?

During cluster creation (database access)... Following cluster set up... Kerberos (ScaleArc admin)

Keberos
(User) 

NTLM
Non-Kerberized cluster No

Status

The option Use Kerberos for Authentication is unchecked.

 

ScaleArcAuthentication Offload ON (default)
Windows Authentication ON
Kerberos Authentication Offload  OFF

Action

  1. If you try to turn ON Kerberos Authentication Offload you receive a message requesting that you need to first join Windows AD as a machine account.
No No Yes
Fully-Kerberized cluster

Yes. This is a pre-requisite.

Status

The option Use Kerberos for Authentication is checked by default.

ScaleArc Authentication Offload ON (default)
Windows Authentication ON
Kerberos Authentication Offload  ON
Yes Yes Yes
Partially-Kerberized cluster Yes. This is a pre-requisite.

Status

The option Use Kerberos for Authentication is unchecked.

Action

  1. Enter username and password.

ScaleArc Authentication Offload OFF (default is ON)
Windows Authentication ON
Kerberos Authentication Offload  OFF

Kerberos Authentication Offload remains OFF as ScaleArc Authentication Offload is OFF in Users & DBs.

 

Yes

No

 

 

 

 

 

 

Yes

 

 

 

 

 

 

   

Action

  1. Select the option Use Kerberos for Authentication.

Action

To turn ON Kerberos Authentication Offload:

  1. Stop the cluster.
  2. Turn ON ScaleArc Authentication Offload iin Users & DBs.
  3. Turn ON Kerberos Authentication Offload.
Yes Yes Yes