Kerberos support, Domain controller preparation, Realm names – HP Integrated Lights-Out 4 User Manual

Page 251: Computer accounts, Realm names computer accounts


2. Is your configuration scalable?

No—Deploy an instance of the schema-free directory integration to evaluate whether this
method meets your policy and procedural requirements. If necessary, you can deploy HP
schema directory integration later. For more information, see “Schema-free directory
integration” (page 256).

Yes—Use HP schema directory integration. For more information, see “Setting up HP
extended schema directory integration” (page 260).

The following questions can help you determine whether your configuration is scalable:

Are you likely to change the rights or privileges for a group of directory users?

Will you regularly script iLO changes?

Do you use more than five groups to control iLO privileges?

For more information, see the comprehensive list of benefits in “Directory integration benefits”
(page 250). “Directory-enabled remote management” (page 280) explains how roles, groups, and
security are enabled and enforced through directories.

Kerberos support

Kerberos support enables a user to log in to iLO without supplying a user name and password if
the client workstation is logged in to the domain and the user is a member of a directory group
for which iLO is configured. If the workstation is not logged in to the domain, the user can also
log in to iLO by using the Kerberos user name and domain password. Kerberos support can be
configured through the web interface, XML (RIBCL), or SSH (partial support for CLI).

Because a trust relationship between iLO and the domain is established by a system administrator
before user sign-on, any form of authentication (including two-factor authentication) is supported.
For instructions on configuring a user to support two-factor authentication, see the server operating
system documentation.

Click the following link for a video demonstration of this feature: Setting up Kerberos with iLO 4.
For more HP iLO videos, see the HP iLO University Videos website: http://www.hp.com/go/ilo/videos.

Domain controller preparation

In a Windows Server environment, Kerberos support is part of the domain controller.

Realm names

The Kerberos realm name for a DNS domain is usually the domain name converted to uppercase.
For example:

Parent domain name: example.net

Kerberos realm name: EXAMPLE.NET

Computer accounts

A computer account must be present and enabled in the domain directory for each iLO account.
In Windows, create the user account in the Active Directory Users and Computers snap-in. For
example:

iLO host name: iloname

Parent domain name: example.net

iLO domain name (fully qualified): iloname.example.net
