Kerberos authentication

Qlik NPrinting supports the use of Kerberos and NTLM. If you want to use Kerberos authentication, you need to ensure that browsers used to access Qlik NPrinting are configured to support Kerberos.

Note: The default authentication module requires that the proxy that handles the authentication is part of the Microsoft Windows domain where Qlik NPrinting is installed.

Enabling Kerberos authentication in Qlik NPrinting

To enable Kerberos authentication in Qlik NPrinting, you must edit the webengine.config file installed by default with Qlik NPrinting Server.

Do the following:

  1. Open the webengine.config file located in:

    %Program Files%\NPrintingServer\NPrinting\WebEngine\webengine.config

  2. Uncomment the following line

    + <!--<add key="win-auth-use-negotiate" value="true" />-->

  3. In the domain controller, for the domain where Qlik NPrinting is installed, add the required SPN for the service and users.

Note: Use the SetSPN utility to set the SPN for Kerberosauthentication. For example: setspn -S HTTP/np-server domain\username, where np-server is the name of the Qlik NPrinting Server and domain\username is the user for whom Kerberos is enabled.

This enables Negotiate authentication, that requires Kerberos authentication. If Kerberos authentication is not available, it will fall back to NTLM if NTLM is enabled. To disable the fallback to NTLM, you must configure it in the domain controller.