Zabbix Documentation 4.4

2.23.04.04.2 (current)In development:4.4 (devel)Unsupported:1.82.02.43.23.4

User Tools

Site Tools


Sidebar

manual:appendix:items:kerberos

17 Configuring Kerberos with Zabbix

Overview

Kerberos authentication can be used in web monitoring and HTTP items in Zabbix since version 4.4.0.

This section describes an example of configuring Kerberos with Zabbix server to perform web monitoring of www.example.com with user 'zabbix'.

Steps

Step 1

Install Kerberos package.

For Debian/Ubuntu:

apt install krb5-user

For RHEL/CentOS:

yum install krb5-workstation
Step 2

Configure Kerberos configuration file (see MIT documentation for details)

cat /etc/krb5.conf 
[libdefaults]
	default_realm = EXAMPLE.COM
 
# The following krb5.conf variables are only for MIT Kerberos.
	kdc_timesync = 1
	ccache_type = 4
	forwardable = true
	proxiable = true
 
[realms]
	EXAMPLE.COM = {
	}
 
[domain_realm]
	.example.com=EXAMPLE.COM
	example.com=EXAMPLE.COM

Step 3

Create a Kerberos ticket for user 'zabbix'.

kinit zabbix
Step 4

Create a web scenario or HTTP agent item with Kerberos authentication type.

Optionally can be tested with the following curl command:

curl -v --negotiate -u : http://example.com

Note that for lengthy web monitoring it is necessary to take care of renewing the Kerberos ticket. Default time of ticket expiration is 10h.