User's Manual
Using the CMC Directory Service 275
The
CMC Single Sign-On
page is displayed.
3
Click
Login
.
The CMC logs you in, using the Kerberos credentials that were cached by
your browser when you logged in using your valid Active Directory
account. If the login fails, the browser is redirected to the normal CMC
login page.
NOTE: If you did not log in to the Active Directory domain and are using a
browser other then Internet Explorer, the login fails and the browser only
displays a blank page.
Configuring Smart Card Two-Factor
Authentication
Traditional authentication schemes use user name and password to
authenticate users. Two-factor-authentication, on the other hand, provides a
higher-level of security by requiring users to have a password or PIN and
a physical card containing a private key or digital certificate. Kerberos,
a network authentication protocol, uses this two-factor authentication
mechanism allowing systems to prove their authenticity. Microsoft
Windows 2000, Windows XP, Windows Server 2003, Windows Vista,
and Windows Server 2008 use Kerberos as their preferred authentication
method. Starting with CMC version 2.10, the CMC can use Kerberos
to support Smart Card login.
NOTE: Selecting a login method does not set policy attributes with respect to other
login interfaces, for example, SSH. You must set other policy attributes for other
login interfaces as well. If you want to disable all other login interfaces, navigate to
the Services page and disable all (or some) login interfaces.
System Requirements
The "System Requirements" on page 270 for Smart Card are the same as
Single Sign-On.
Configuring Settings
The "Prerequisites" on page 271 for Smart Card are the same as Single Sign-
On.