Requirements

This document is based on the following versions and requirements. Older versions may also work but may lack some features or require a slightly different configuration.

Component	Requirement	Comments
Airlock Gateway (WAF)	Version 7.6 or newer: Valid Airlock Gateway license for at least the following 2 web applications: Airlock IAM Back-end application	Install the latest Airlock Gateway updates before proceeding.
Airlock IAM	Valid Airlock IAM license with the following license bundles: Airlock IAM Enhanced Authentication Optional: Kerberos tools installed (only required for troubleshooting). For CentOS: `yum install krb5-workstation`	Install the latest Airlock IAM bugfix releases before proceeding.
Network connections from Airlock IAM	To the Active Directory Domain Controller: UDP and TCP Port 88 (Kerberos) TCP Port 636 (LDAPS)
Time synchronization	Time needs to be synchronized between: Airlock IAM Active Directory Domain Controller Windows Client	Kerberos has a strict time synchronization requirement. If time is not synchronized within some narrow limits, authentication fails.
Client	Windows Operating System which is joined to the Active Directory Domain. Connectivity to the Active Directory Domain Controller in order to request Kerberos Tickets.
User	Is signed in with his Active Directory Domain User Account.
Administrative access	Domain admin permission on Active Directory Domain Controller	Required for Create Kerberos System User Register Service Principal Name (SPN)