Implementing Domain Authentication
The BMC Server Automation Authentication Service can authenticate users using Windows Active Directory user credentials. Users provide a user name, domain, and password. The Authentication Service uses that information to authenticate the user to the Active Directory KDC, which relies on the Active Directory registry to store the names and passwords of registered users within its Kerberos realm. In Windows, a Kerberos realm is an Active Directory domain.
Configuring a BMC Server Automation system to support Domain Authentication requires configuration beyond the default setup. For details, see Configuring Domain Authentication.
After you configure BMC Server Automation for Domain Authentication, you must configure a client to use an authentication profile set up for Domain Authentication. See System capabilities related to security and Managing authorizations for more information about authentication profiles.
The following topics provide instructions for setting up Domain Authentication at installations where AD/Kerberos authentication is not already being used for BMC Server Automation. If you have already set up AD/Kerberos authentication for BMC Server Automation, use your existing Kerberos configuration files and modify as necessary based on the descriptions in the following topics.