Activating Kerberos Authentication

In Metability, Kerberos authentication accesses the Windows credential cache to authenticate the user who is currently logged on to the computer. The user will be allowed access to Rochade without having to log in again.

These are the prerequisites for using Kerberos authentication in Metability:

  • A key distribution center (KDC) must be available (for example, a Microsoft Windows domain controller).
  • A correctly configured Kerberos implementation must exist on the computers that run Metability and DI Server.
  • A Kerberos account must exist for each user who wants to log in to Metability (for example, a Windows domain user account).
  • The DI Server must be registered as a service in the KDC using a unique SPN and it must be configured for Kerberos authentication. For more information, see the ASG-Rochade System Administrator’s Guide.

For a detailed introduction to Kerberos, see the Microsoft TechNet article provided at http://technet.microsoft.com/en-us/library/bb742431.aspx.

To activate Kerberos authentication in Metability

  1. Open the dataspace.xml file for editing.
  2. Add this parameter to the SERVER entry that pertains to the server connection for which you want to enable Kerberos authentication:

    authType="kerberos"

    For example:

    <SERVER Name="User connection" host="rosrv.asg.com" port="8888" authType="kerberos"/>

  3. Optional. Enable debugging by adding this Java system property:

    <PROPERTY key="sun.security.krb5.debug" value="true"/>

  4. Optional. Disable mutual authentication (that is, the server does not have to prove its identity to the client) by adding this Java system property:

    <PROPERTY key="de.rochade.ds.GssAuth.isMutualRequested" value="false"/>

    By default, mutual authentication is required.
  5. Save your changes.
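
The following Python check is an added example, not part of the ASG documentation. It reads the contents of a dataspace.xml file and reports which SERVER entries use Kerberos, whether mutual authentication has been switched off, and whether Kerberos debugging is still enabled. The <DATASPACE> wrapper element, the function name audit_dataspace and the severity labels are assumptions; only the SERVER and PROPERTY lines follow the forms shown in the procedure above.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The <DATASPACE> wrapper is an assumption; only the
# SERVER and PROPERTY lines follow the forms shown in the procedure.
SAMPLE = """<DATASPACE>
  <SERVER Name="User connection" host="rosrv.asg.com" port="8888" authType="kerberos"/>
  <SERVER Name="Legacy connection" host="rosrv.asg.com" port="8889"/>
  <PROPERTY key="sun.security.krb5.debug" value="true"/>
  <PROPERTY key="de.rochade.ds.GssAuth.isMutualRequested" value="false"/>
</DATASPACE>"""

DEBUG_KEY = "sun.security.krb5.debug"
MUTUAL_KEY = "de.rochade.ds.GssAuth.isMutualRequested"


def audit_dataspace(xml_text):
    """Return (severity, message) findings for the Kerberos settings."""
    root = ET.fromstring(xml_text)
    findings = []
    kerberos_seen = False

    # Search the whole tree so the check does not depend on nesting depth.
    for server in root.iter("SERVER"):
        if server.get("authType") == "kerberos":
            kerberos_seen = True
        else:
            findings.append(
                ("info", f"SERVER '{server.get('Name')}' does not set authType=\"kerberos\""))

    if not kerberos_seen:
        return findings  # the properties only matter for Kerberos connections

    props = {p.get("key"): (p.get("value") or "").strip().lower()
             for p in root.iter("PROPERTY")}

    # Mutual authentication is required by default, so only an explicit
    # "false" removes the server's obligation to prove its identity.
    if props.get(MUTUAL_KEY) == "false":
        findings.append(
            ("high", "mutual authentication disabled: server identity is not verified"))
    if props.get(DEBUG_KEY) == "true":
        findings.append(("low", "Kerberos debug output enabled"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_dataspace(SAMPLE):
        print(f"[{severity}] {message}")
```
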