Users Guide

150 Enabling Kerberos Authentication
Since the DRAC 5 is a device with a non-Windows operating system, run
the
ktpass
utility—part of Microsoft
®
Windows
®
—on the Domain
Controller (Active Directory server) where you want to map the DRAC 5
to a user account in Active Directory. For example,
C:\>ktpass -princ HOST/
dracname
.
domain-
name
.com@
domain-name
.COM -mapuser
dracname
-crypto
DES-CBC-MD5 -ptype KRB5_NT_PRINCIPAL -pass * -out
c:\krbkeytab
NOTE: The cryptography type that DRAC 5 supports for Kerberos
authentication is DES-CBC-MD5
.
This procedure will produce a keytab file that you should upload to the
DRAC 5.
NOTE: The keytab contains an encryption key and should be kept secure.
For more information on the
ktpass
utility, see the Microsoft website at:
http://technet2.microsoft.com/windowsserver/en/library/64042138-9a5a-
4981-84e9-d576a8db0d051033.mspx?mfr=true
The DRAC 5 time should be synchronized with the Active Directory
domain controller.
Configuring the DRAC 5 for Single Sign-On and
Active Directory Authentication Using Smart Card
Upload the keytab obtained from the Active Directory root domain, to the
DRAC 5:
1
Navigate to
Remote Access
Configuration
tab
Active Directory
subtab.
2
Select
Upload Kerberos Keytab
and click
Next
.
3
On the
Kerberos Keytab Upload
page, navigate to the folder where you
saved the keytab and click
Upload
.