Install Guide

Configure Key Server

● This section explains how to configure components for use with Kerberos Authentication/Authorization when using an

Security Management Server. The Security Management Server Virtual does not use the Key Server.

The Key Server is a service that listens for clients to connect on a socket. Once a client connects, a secure connection is

negotiated, authenticated, and encrypted using Kerberos APIs (if a secure connection cannot be negotiated, the client is

disconnected).

The Key Server then checks with the Security Server (formerly the Device Server) to see if the user running the client is

allowed to access keys. This access is granted via individual domains in the Management Console.

● If Kerberos Authentication/Authorization is to be used, then the server that contains the Key Server component needs to be

part of the affected domain.

● Because the Security Management Server Virtual does not use the Key Server, typical uninstallation is affected. When an

Encryption client that is activated against a Security Management Server Virtual is uninstalled, standard forensic key

retrieval through the Security Server is used, instead of the Key Server's Kerberos method. See Command Line

Uninstallation for more information.

Services Panel - Add Domain Account User

1. On the Security Management Server, navigate to the services panel (Start > Run > services.msc > OK).

2. Right-click Key Server and select Properties.

3. Select the Log On tab and select the This account: option.

In This account:, add the domain account user. This domain user must have at least local administrator rights to the Key

Server folder (must be able to write to the Key Server config file, as well as the ability to write to the log.txt file).

Enter and confirm the password for the domain user.

Click OK.

88 Configure Key Server