Users Guide
Enabling Kerberos Authentication 149
Enabling Kerberos Authentication
Kerberos is a network authentication protocol that allows systems to
communicate securely over a non-secure network. It achieves this by allowing
the systems to prove their authenticity.
Microsoft
®
Windows
®
2000, Windows XP, Windows Server
®
2003,
Windows Vista
®
, and Windows Server 2008 use Kerberos as their default
authentication method.
Starting with DRAC 5 version 1.40, the DRAC 5 uses Kerberos to support two
types of authentication mechanisms—single sign-on and Active Directory
Smart Card login.
For the single-sign on, the DRAC 5 uses the user credentials cached in the
operating system after the user has logged in using a valid Active Directory
account.
Starting with DRAC 5 version 1.40, Active Directory authentication will use
the Smart Card-based two factor authentication (TFA) in addition to the
username-password combination, as valid credentials.
Prerequisites for Single Sign-On and Active
Directory Authentication Using Smart Card
• Configure the DRAC 5 for Active Directory login. For more information,
see "Using Active Directory to Log Into the DRAC 5."
• Register the DRAC 5 as a computer in the Active Directory root domain.
a
Navigate to
Remote Access
→
Configuration
tab
→
Network
subtab
→
Network Settings
.
b
Provide a valid
Preferred/Static DNS Server
IP address. This value is
the IP address of the DNS that is part of the root domain, which
authenticates the Active Directory accounts of the users.
c
Select
Register DRAC on DNS
.
d
Provide a valid
DNS Domain Name
.
See the
DRAC 5 Online Help
for more information.