Implementing Domain Authentication

The TrueSight Server Automation Authentication Service can authenticate users using Windows Active Directory user credentials. Users provide a user name, domain, and password. The Authentication Service uses that information to authenticate the user to the Active Directory KDC, which relies on the Active Directory registry to store the names and passwords of registered users within its Kerberos realm. In Windows, a Kerberos realm is an Active Directory domain.

Configuring a TrueSight Server Automation system to support Domain Authentication requires configuration beyond the default setup. For details, see Configuring Domain Authentication.

After you configure TrueSight Server Automation for Domain Authentication, you must configure a client to use an authentication profile set up for Domain Authentication. See System capabilities related to security and Managing authorizations for more information about authentication profiles.

The following topics provide instructions for setting up Domain Authentication at installations where AD/Kerberos authentication is not already being used for TrueSight Server Automation. If you have already set up AD/Kerberos authentication for TrueSight Server Automation, use your existing Kerberos configuration files and modify as necessary based on the descriptions in the following topics.

• Sample domain structure
• Configuring Domain Authentication