Users Guide

7 Enabling Kerberos Authentication
Kerberos is a network authentication protocol that allows systems to
communicate securely over a non-secure network. It achieves this by allowing
the systems to prove their authenticity.
Microsoft Windows 2000, Windows XP, Windows Server 2003,
Windows Vista, and Windows Server 2008 use Kerberos as their default
authentication method.
Starting with DRAC 5 version 1.40, the DRAC 5 uses Kerberos to support
two types of authentication mechanisms: single sign-on and Active
Directory Smart Card login. For single sign-on, the DRAC 5 uses the user
credentials cached in the operating system after the user has logged in using
a valid Active Directory account.
Starting with DRAC 5 version 1.40, Active Directory authentication uses
Smart Card-based two-factor authentication (TFA), in addition to the
username-password combination, as valid credentials.
Prerequisites for Setting up Kerberos Authentication
• Configure the DRAC 5 for Active Directory login. For more information,
  see "Using Active Directory to Log Into the DRAC 5" on page 142.
• For the Active Directory users for whom you want to provide Kerberos
  authentication, set the following properties:
  – Use DES encryption types for this account
  – Do not require Kerberos pre-authentication
• Register the DRAC 5 as a computer in the Active Directory root domain.
  a  Navigate to Remote Access → Configuration tab → Network subtab →
     Network Settings.
  b  Provide a valid Preferred/Static DNS Server IP address. This value is
     the IP address of the DNS server that is part of the root domain, which
     authenticates the Active Directory accounts of the users.
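
The two account properties listed in the prerequisites ("Use DES encryption types for this account" and "Do not require Kerberos pre-authentication") are stored as bits in each account's userAccountControl attribute. Both reduce the account's Kerberos protection, so it helps to track exactly which accounts carry them. The following is an added example, not part of the Dell guide: it decodes that attribute from a directory export, and the `name,userAccountControl` export format, the account names and the values are constructed for illustration.

```python
# Added example: list enabled accounts that carry either Kerberos property.
# The flag values are the documented userAccountControl bits; the export
# format and every record below are constructed sample data (assumptions).

UF_ACCOUNTDISABLE = 0x00000002
UF_USE_DES_KEY_ONLY = 0x00200000      # "Use DES encryption types for this account"
UF_DONT_REQUIRE_PREAUTH = 0x00400000  # "Do not require Kerberos pre-authentication"

WATCHED = {
    "USE_DES_KEY_ONLY": UF_USE_DES_KEY_ONLY,
    "DONT_REQUIRE_PREAUTH": UF_DONT_REQUIRE_PREAUTH,
}

# Constructed export, one "sAMAccountName,userAccountControl" pair per line.
SAMPLE_EXPORT = """\
drac-admin,6291968
drac-operator,2097664
helpdesk01,512
old-drac-user,6291970
svc-backup,66048
broken-row,not-a-number
"""


def parse_export(text):
    """Yield (name, uac) pairs; rows with a non-numeric value are skipped."""
    for line in text.splitlines():
        name, _, raw = line.strip().partition(",")
        try:
            yield name, int(raw, 0)  # accepts decimal or 0x-prefixed hex
        except ValueError:
            continue


def audit(text, include_disabled=False):
    """Return {account: [flag names]} for accounts carrying a watched flag."""
    findings = {}
    for name, uac in parse_export(text):
        if uac & UF_ACCOUNTDISABLE and not include_disabled:
            continue
        flags = [label for label, bit in WATCHED.items() if uac & bit]
        if flags:
            findings[name] = flags
    return findings


if __name__ == "__main__":
    for account, flags in audit(SAMPLE_EXPORT).items():
        print(f"{account}: {', '.join(flags)}")
```

Comparing the result against the list of users who actually need DRAC 5 Kerberos login shows accounts where the properties were set but are no longer required.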