Using Kerberos for authentication
Kerberos is a network authentication protocol that is designed to provide strong authentication for client/server applications by using strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. This topic contains the following information:
Before you begin
Before using Kerberos for authentication, a service principal for the BMC Atrium Single Sign-On server must be added to the realm. Clients use this service principal to request a service ticket when authenticating. The service principal name is based on the host name of the server running BMC Atrium Single Sign-On. For information about the service principal, see Generating-a-keytab-file-for-the-service-principal.
To use Kerberos authentication with Active Directory (AD) installed on a Windows 2008 machine, upgrade Windows 2008 to at least SP2 or apply the Hotfix for Windows (KB951191). In addition, the identity used for the service principal cannot be the identity of the computer that hosts the Atrium SSO service.
To set up Kerberos for authentication
For information about setting up Kerberos with Active Directory, see End-to-end-steps-for-configuring-Active-Directory-Kerberos-authentication.
For information about setting up Kerberos with MIT Kerberos, see End-to-end-steps-for-configuring-MIT-Kerberos-authentication.
For information about troubleshooting issues with Kerberos, see Troubleshooting-Kerberos-authentication.
Where to go from here
- For information about managing users, user groups, and authentication modules, see Administering.