NetScaler has had a feature-rich AAA module for many releases, and it works with external AAA servers. With the latest 9.3 nCore release we took the AAA module to an altogether different level by adding Kerberos support. Kerberos is a well-known network authentication protocol accepted in all kinds of deployments. It is a mechanism for authenticating a client to a service without sending the password over the wire. Most common browsers support Kerberos, and you are often logged in to various network services transparently through it. There are many benefits to using Kerberos; a common one is the ability to do single sign-on. Kerberos is used heavily in Windows environments because Windows Server has a Kerberos Key Distribution Center (KDC) built in.
NetScaler's implementation of Kerberos supports only the Windows Server version of the KDC. NetScaler uses user-land Likewise processes to handle Kerberos authentication on a Traffic Management vserver. If Kerberos fails, the authentication agent falls back to NTLM authentication mode. Kerberos is supported on a High Availability NetScaler setup, and at any point in time only the primary NetScaler is part of the logical domain. The following diagram shows how Kerberos authentication happens with an authentication vserver on NetScaler.
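A check for the NTLM fallback described above, as an added example that is not from the original article or from Citrix: it classifies the token in an HTTP `Authorization` header as Kerberos or NTLM so that fallbacks can be counted per client. It assumes the exchange with the vserver is visible as `Negotiate`/`NTLM` headers (the article does not show the wire format); the sample tokens and client addresses are constructed and abbreviated, not valid DER.

```python
import base64
import re

NTLMSSP = b"NTLMSSP\x00"  # signature that starts every NTLM message
# DER-encoded mechanism OIDs as they appear inside a GSS-API/SPNEGO token.
OID_SPNEGO = bytes.fromhex("06062b0601050502")         # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("06092a864886f712010202")     # 1.2.840.113554.1.2.2
OID_MS_KRB5 = bytes.fromhex("06092a864882f712010202")  # 1.2.840.48018.1.2.2
OID_NTLM = bytes.fromhex("060a2b06010401823702020a")   # 1.3.6.1.4.1.311.2.2.10

def classify(header_value):
    """Return 'kerberos', 'ntlm' or 'unknown' for an Authorization header value."""
    m = re.fullmatch(r"\s*(?:Negotiate|NTLM)\s+([A-Za-z0-9+/]+=*)\s*",
                     header_value, re.I)
    if not m:
        return "unknown"
    try:
        token = base64.b64decode(m.group(1), validate=True)
    except ValueError:
        return "unknown"
    if NTLMSSP in token:
        return "ntlm"  # raw NTLM, or NTLM carried as the SPNEGO mechToken
    if token[:1] == b"\x60":  # GSS-API initial context token
        # The first mechanism OID listed is the one the client prefers.
        krb = min((i for i in (token.find(OID_KRB5), token.find(OID_MS_KRB5))
                   if i >= 0), default=-1)
        ntlm = token.find(OID_NTLM)
        if krb >= 0 and (ntlm < 0 or krb < ntlm):
            return "kerberos"
        if ntlm >= 0:
            return "ntlm"
    return "unknown"

def fallback_clients(requests):
    """requests: iterable of (client, Authorization value); clients that sent NTLM."""
    return sorted({c for c, h in requests if classify(h) == "ntlm"})

def _b64(raw):
    return base64.b64encode(raw).decode()

# Constructed, abbreviated tokens (length bytes are illustrative only).
SAMPLE_KRB = (b"\x60\x30" + OID_SPNEGO + b"\xa0\x26\x30\x24\xa0\x18\x30\x16"
              + OID_MS_KRB5 + OID_KRB5 + OID_NTLM + b"\xa2\x04\x04\x02\x6e\x82")
SAMPLE_NTLM_RAW = NTLMSSP + b"\x01\x00\x00\x00\x07\x82\x08\xa2"
SAMPLE_NTLM_SPNEGO = (b"\x60\x28" + OID_SPNEGO + b"\xa0\x1e\x30\x1c\xa0\x0e\x30\x0c"
                      + OID_NTLM + b"\xa2\x0a\x04\x08" + NTLMSSP)
SAMPLE_REQUESTS = [("10.0.0.11", "Negotiate " + _b64(SAMPLE_KRB)),
                   ("10.0.0.12", "NTLM " + _b64(SAMPLE_NTLM_RAW)),
                   ("10.0.0.13", "Negotiate " + _b64(SAMPLE_NTLM_SPNEGO))]
```
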
Here are the key configuration steps to set it up:
To learn more and to read the entire article at its source, please refer to the following page: "Kerberos Authentication on NetScaler, is it true???" - The Citrix Blogs