Using Kerberos for authentication
Kerberos is a network authentication protocol that is designed to provide strong authentication for client/server applications by using strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. This topic contains the following information:
Configuring Kerberos video
Click the following BMC Atrium Single Sign-On 8.1 Kerberos configuration video for more information:
Embedded player can toggle to full screen | YouTube:
Before you begin
Before using Kerberos for authentication, a service principal for the BMC Atrium Single Sign-On server must be added to the realm. This service principal is used by clients to request a service ticket when authenticating. The service principal name is based on the host name of the server running BMC Atrium Single Sign-On.
To use Kerberos authentication with Active Directory (AD) installed on a Windows 2008 machine, upgrade Windows 2008 to SP2 (at least) or apply the Hotfix for Windows (KB951191). In addition, the identity used for the service principal cannot be the computer identity hosting the Atrium SSO service.
Kerberos authentication can not be used to authenticate clients from the same computer where BMC Atrium Single Sign-On is installed.
To set up Kerberos to use for authentication
For information about troubleshooting issues with Kerberos, see Troubleshooting Kerberos authentication.