Select Yes to enable Kerberos authentication for WSTEP enrollment and configure the following settings.

Select No to disable Kerberos authentication for WSTEP enrollment. 

Mandatory: No. This setting defaults to No.

Principal

The Kerberos principal that the CEG Service will use to authenticate to each Active Directory forest for cross-forest WSTEP enrollment. You must use the same Kerberos principal to generate the keytab file used for Kerberos v5 LDAP referrals.

The value must be a string with the following syntax:

Mandatory: When cross-forest trust must be supported for WSTEP enrollment with Kerberos authentication.

Keytab File

The name of the Kerberos keytab file for the domain controller. The keytab file is used to authenticate incoming WSTEP requests.

Mandatory: When cross-forest trust must be supported for WSTEP enrollment with Kerberos authentication.

Permit Deprecated Algorithms (3DES and RC4)

Check this box to permit the 3DES and RC4 deprecated Kerberos algorithms. Uncheck this box to reject these algorithms.

Mandatory: No. This box is unchecked by default.