In addition to the NiagaraAX station (and station host) setup for Kerberos described in Configuring the Kerberos Authenticator component, there is “client-side” Kerberos setup required too. This additional setup applies to all computers that need to access (as a client) any station with a Kerberos authenticated LDAP user service, whether using either Workbench or web browser access.

Two different types of additional Kerberos-related client setup may be required:

In AX-3.8, apart from any Kerberos-related configuration, any browser client PC that needs to access a station to run “Web Workbench” (WbApplet), also requires “Unlimited Strength Policy Files” added to its Java installation. For details, see the section “Additional AX-3.8 client-side Java installation steps” in the latest NiagaraAX 2013 Security Updates document.