Owner's Manual
Using the CMC Directory Service 299
Client Systems
• For only Smart Card login, the client system must have the Microsoft
Visual C++ 2005 redistributable. For more information see
www.microsoft.com/downloads/details.aspx?FamilyID=
32BC1BEEA3F9-4C13-9C99-220B62A191EE&displaylang=en
• For Single Sign-On and Smart Card login, the client system must be a part
of the Active Directory domain and Kerberos Realm.
CMC
• CMC must have firmware version 2.10 or later
• Each CMC must have an Active Directory account
• CMC must be a part of the Active Directory domain and Kerberos Realm
Configuring Settings
Prerequisites
• The Kerberos realm & Key Distribution Center (KDC) for Active
Directory (AD) has been setup (ksetup).
• A robust NTP and DNS infrastructure to avoid issues with clock drift &
reverse lookup.
• The CMC standard schema role group with authorized members.
Configuring Active Directory
On the CMC Properties dialog box under the Accounts options section,
configure these settings:
•
Account is trusted for delegation
— Currently CMC does not use
forwarded credentials that are created when this option is selected.
You may or may not select this option depending upon other
services requirements.
•
Account is sensitive and cannot be delegated
— You may or may not
select this option depending upon other services requirements.
•
User Kerberos DES encryption types for the account
— Select this option.
•
Do not require Kerberos preauthentication
— Do not select this option.