Manualshelf

Users Guide

ManualsBrandsDell ManualsActive System ManagerChassis Management Controller Version 6.10 For Dell PowerEdge M1000e
161162163164165166167168169170
Conguring CMC For Single Sign-On Or Smart
Card Login
This section provides information to congure CMC for Smart Card login and Single Sign-On (SSO) login for Active Directory users.
Starting with CMC version 2.10, CMC supports Kerberos based Active Directory authentication to support Smart Card and SSO logins.
SSO uses kerberos as an authentication method allowing users who have signed in to the domain to have an automatic or single sign-on to
subsequent applications such as Exchange. For single sign-on login, CMC uses the client system’s credentials, which are cached by the
operating system after you log in using a valid Active Directory account.
Two-factor-authentication, provides a higher-level of security by requiring users to have a password or PIN and a physical card containing a
private key or digital certicate. Kerberos uses this two-factor authentication mechanism allowing systems to prove their authenticity.
NOTE: Selecting a login method does not set policy attributes with respect to other login interfaces, for example, SSH. You must
set other policy attributes for other login interfaces as well. If you want to disable all other login interfaces, navigate to the
Services page and disable all (or some) login interfaces.
Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008 can use Kerberos as
the authentication mechanism for SSO and smart card login.
For information on Kerberos, see the Microsoft website.
Topics:
System Requirements
Prerequisites For Single Sign-On Or Smart Card Login
Conguring CMC SSO Or Smart Card Login For Active Directory Users
Related links
System Requirements
Prerequisites For Single Sign-On Or Smart Card Login
Conguring CMC SSO Or Smart Card Login For Active Directory Users
System Requirements
To use the Kerberos authentication, the network must include:
DNS server
Microsoft Active Directory Server
NOTE
: If you are using Active Directory on Windows 2003, make sure that you have the latest service packs and patches
installed on the client system. If you are using Active Directory on Windows 2008, make sure that you have installed SP1 along
with the following hot xes:
Windows6.0-KB951191-x86.msu for the KTPASS utility. Without this patch the utility generates bad keytab les.
Windows6.0-KB957072-x86.msu for using GSS_API and SSL transactions during an LDAP bind.
10
Conguring CMC For Single Sign-On Or Smart Card Login 161