The Domain Authentication solution integrates BMC Server Automation with Active Directory without requiring users to obtain a Kerberos ticket—that is, a Windows user credential.
In Domain Authentication, BMC Server Automation clients (the BMC Server Automation Console or the
blcred utility) accept a user's name, domain, and password. This information is passed to the Authentication Service, which delegates user authentication to the Active Directory domain controller. If the domain controller successfully authenticates the user, the BMC Server Automation Authentication Service issues the BMC Server Automation client an SSO session credential. The BMC Server Automation client application can then use the session credential to establish an authenticated secure session with the Application Server or a Network Shell Proxy Service identified by the service URLs in the session credential.
Domain Authentication provides greater flexibility than AD/Kerberos. A user logging into the BMC Server Automation Application Server can authenticate with a different user name than the user name used to log into the Windows system hosting the BMC Server Automation client application. For example, a user can log into Windows as Sally@DOMAIN.COM and then log into BMC Server Automation as Administrator@DOMAIN.COM.