Using Kerberos for authentication
Kerberos is a network authentication protocol that is designed to provide strong authentication for client/server applications by using strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. This topic contains the following information:
Before you begin
Before using Kerberos for authentication, a service principal for the BMC Atrium Single Sign-On server must be added to the realm. This service principal is used by clients to request a service ticket when authenticating. The service principal name is based on the host name of the server running BMC Atrium Single Sign-On. For information about service principal, see Generating a keytab file for the service principal.
To use Kerberos authentication with Active Directory (AD) installed on a Windows 2008 machine, upgrade Windows 2008 to SP2 (at least) or apply the Hotfix for Windows (KB951191). In addition, the identity used for the service principal cannot be the computer identity hosting the Atrium SSO service.
Note
Kerberos authentication can not be used to authenticate clients from the same computer where BMC Atrium Single Sign-On is installed.
To set up Kerberos to use for authentication
For information about setting up Kerberos with Active Directory, see End-to-end steps for configuring Active Directory Kerberos authentication.
For information about setting up Kerberos with MIT Kerberos, see End-to-end steps for configuring MIT Kerberos authentication.
Note
If you have not reconfigured your browser for using Kerberos authentication, you will have to configure it. For more information, see Reconfiguring your browser.
For information about troubleshooting issues with Kerberos, see Troubleshooting Kerberos authentication.
Where to go from here
- For information about managing users, user groups, and authentication modules, see Administering.
Comments
Hi Team,
The video is still referring to version 8.1, could you please upload a new video illustrating 9.0 implementation?
Thanks & Regards,
Kaushal
Thanks for pointing that out, Kaushal.
We will add your request to the documentation enhancements pipeline!
- Abhay
Hello Abhay,
"Before using Kerberos for authentication, a service principal for the BMC Atrium Single Sign-On server must be added to the realm" --> can I know what is this service principal and where I can create/configure this? I am new to SSO and I want to have a single sign on between Remedy to AD where the user does not need to key in their username & pwd on Midtier page, from what I understand this can be done by using SSO with Kerberos right? please correct me if I am wrong, and I would like to know is there any video tutorial for doing this? thanks a lot!
Hi Darmawan,
Thank you for the comment!
I have added a link for more information in the Before you begin section, For information about service principal, see Generating a keytab file for the service principal.
Your interpretation about Kerberos authentication is correct.
Please follow the end-to-end steps for configuring Kerberos mentioned in the following topics:
For information about setting up Kerberos with Active Directory, see End-to-end steps for configuring Active Directory Kerberos authentication.
For information about setting up Kerberos with MIT Kerberos, see End-to-end steps for configuring MIT Kerberos authentication.
Thanks!
-Abhay
Log in or register to comment.