Out of support: This documentation supports the 8.1 version of BMC Atrium Single Sign-On, which is in "End of Version Support." However, the documentation is available for your convenience.

Using Kerberos for authentication


Kerberos is a network authentication protocol that is designed to provide strong authentication for client/server applications by using strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. This topic contains the following information:

Configuring Kerberos video

For more information, watch the BMC Atrium Single Sign-On 8.1 Kerberos configuration video:

YouTube: https://www.youtube.com/watch?v=Deo2od9ePRg

Before you begin

Before using Kerberos for authentication, a service principal for the BMC Atrium Single Sign-On server must be added to the realm. This service principal is used by clients to request a service ticket when authenticating. The service principal name is based on the host name of the server running BMC Atrium Single Sign-On.

To use Kerberos authentication with Active Directory (AD) installed on a Windows 2008 machine, upgrade Windows 2008 to at least SP2 or apply the Hotfix for Windows (KB951191). In addition, the identity used for the service principal cannot be the computer identity of the machine hosting the Atrium SSO service.
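
The two constraints above (a service principal derived from the server host name, held by an identity other than the server's computer account) can be checked in Active Directory before the keytab is generated. The following PowerShell is an added example, not part of the BMC documentation; the host name `sso.example.com` is a placeholder, and the `HTTP/` service class is an assumption based on what browsers request for SPNEGO.

```powershell
# Added example: pre-flight check of the SSO service principal in Active Directory.
# Assumptions: the RSAT ActiveDirectory module is available; $SsoHost is a placeholder;
# the SPN uses the HTTP/ service class (what browsers request for SPNEGO).
Import-Module ActiveDirectory

$SsoHost = 'sso.example.com'   # placeholder FQDN of the BMC Atrium Single Sign-On server
$Spn     = "HTTP/$SsoHost"

# Every directory object that currently holds this SPN.
$owners = @(Get-ADObject -Filter "servicePrincipalName -eq '$Spn'" `
                         -Properties sAMAccountName, servicePrincipalName)

$problems = @()
if ($owners.Count -eq 0) {
    $problems += "No account holds $Spn; clients cannot obtain a service ticket."
}
if ($owners.Count -gt 1) {
    # A duplicate SPN makes the KDC refuse to issue tickets for it.
    $problems += "Duplicate SPN on: " + (($owners | ForEach-Object sAMAccountName) -join ', ')
}
foreach ($o in $owners) {
    # The page requires an identity other than the computer account of the SSO host.
    if ($o.ObjectClass -eq 'computer') {
        $problems += "$Spn is mapped to computer account $($o.sAMAccountName); use a dedicated user account."
    }
}
# Kerberos cannot authenticate clients on the SSO server itself, so test from elsewhere.
if ($env:COMPUTERNAME -eq $SsoHost.Split('.')[0]) {
    $problems += "Running on the SSO host; run browser tests from a different client."
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "$Spn is held by exactly one non-computer account: $($owners[0].sAMAccountName)"
}
```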

Note

Kerberos authentication cannot be used to authenticate clients from the same computer where BMC Atrium Single Sign-On is installed.

To set up Kerberos to use for authentication

  1. Generating a keytab for the service principal and mapping the Kerberos service name
  2. Configuring the Kerberos module
  3. Reconfiguring your browser

For information about troubleshooting issues with Kerberos, see Troubleshooting Kerberos authentication.
