Table of Contents
Advertisement
Enabling Kerberos Authentication
Kerberos is a network authentication protocol that allows systems to
communicate securely over a non-secure network. It achieves this by allowing
the systems to prove their authenticity. To keep with the higher
authentication enforcement standards, iDRAC6 now supports Kerberos based
®
Active Directory
authentication to support Active Directory Smart Card
and single sign-on (SSO) logins.
®
®
®
Microsoft
Windows
2000, Windows XP , Windows Server
2003,
®
Windows Vista
, and Windows Server 2008 use Kerberos as their default
authentication method.
iDRAC6 uses Kerberos to support two types of authentication mechanisms—
Active Directory single sign-on and Active Directory Smart Card logins. For
single-sign on login, iDRAC6 uses the user credentials cached in the
operating system after the user has logged in using a valid Active Directory
account.
For Active Directory smart card login, iDRAC6 uses smart card-based two
factor authentication (TFA) as credentials to enable an Active Directory
login.
Kerberos authentication on iDRAC6 fails if iDRAC6 time differs from the
Domain Controller time. A maximum offset of 5 minutes is allowed. To
enable successful authentication, synchronize the server time with the
Domain Controller time and then reset iDRAC6.
You can also use the following RACADM time zone offset command to
synchronize the time:
racadm config -g cfgRacTuning -o
cfgRacTuneTimeZoneOffset <offset value>
167
Enabling Kerberos Authentication
- Quick Links:
- Configuration Tasks
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
