System requirements – Dell POWEREDGE M1000E User Manual


10 Configuring CMC For Single Sign-On Or Smart Card Login

This section provides information on configuring CMC for Smart Card login and Single Sign-On (SSO) login for Active Directory users.
Starting with CMC version 2.10, CMC supports Kerberos-based Active Directory authentication to support Smart Card and SSO logins.
SSO uses Kerberos as an authentication method, allowing users who have signed in to the domain to have an automatic or single sign-on to subsequent applications such as Exchange. For single sign-on login, CMC uses the client system's credentials, which are cached by the operating system after you log in using a valid Active Directory account.
Two-factor authentication provides a higher level of security by requiring users to have a password or PIN and a physical card containing a private key or digital certificate. Kerberos uses this two-factor authentication mechanism, allowing systems to prove their authenticity.

NOTE: Selecting a login method does not set policy attributes with respect to other login interfaces, for example, SSH. You must set other policy attributes for other login interfaces as well. If you want to disable all other login interfaces, navigate to the Services page and disable all (or some) login interfaces.

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008
can use Kerberos as the authentication mechanism for SSO and smart card login.
For information on Kerberos, see the Microsoft website.
Related Links

System Requirements
Prerequisites For Single Sign-On Or Smart Card Login
Configuring CMC SSO Or Smart Card Login For Active Directory Users

System Requirements

To use Kerberos authentication, the network must include:

DNS server

Microsoft Active Directory Server

NOTE: If you are using Active Directory on Windows 2003, make sure that you have the latest service packs and patches installed on the client system. If you are using Active Directory on Windows 2008, make sure that you have installed SP1 along with the following hot fixes:
Windows6.0-KB951191-x86.msu for the KTPASS utility. Without this patch the utility generates bad keytab files.
Windows6.0-KB957072-x86.msu for using GSS_API and SSL transactions during an LDAP bind.

Kerberos Key Distribution Center (packaged with the Active Directory Server software).

DHCP server (recommended).

The DNS server reverse zone must have an entry for the Active Directory server and CMC.
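
An added example, not part of the Dell manual: a Python check that each host named in the requirement above (the Active Directory server and CMC) has a forward record and a matching reverse-zone entry. The host names, addresses and the `table_resolvers` helper are constructed for illustration.

```python
import socket

def check_reverse_dns(fqdn, forward=socket.gethostbyname,
                      reverse=socket.gethostbyaddr):
    """Return (ok, detail): forward lookup, reverse lookup, then name match."""
    try:
        ip = forward(fqdn)
    except OSError as exc:  # socket.gaierror is an OSError
        return False, f"no forward record for {fqdn}: {exc}"
    try:
        ptr_name, aliases, _ = reverse(ip)
    except OSError as exc:  # socket.herror is an OSError
        return False, f"no reverse-zone entry for {ip} ({fqdn}): {exc}"
    # Compare case-insensitively and ignore a trailing root dot.
    names = {n.rstrip(".").lower() for n in (ptr_name, *aliases)}
    if fqdn.rstrip(".").lower() not in names:
        return False, f"{ip} reverse-resolves to {ptr_name}, not {fqdn}"
    return True, f"{fqdn} <-> {ip}"

def table_resolvers(a_records, ptr_records):
    """Hypothetical helper: offline stand-ins for the two socket calls."""
    def forward(name):
        if name.lower() not in a_records:
            raise socket.gaierror(f"{name} not found")
        return a_records[name.lower()]
    def reverse(ip):
        if ip not in ptr_records:
            raise socket.herror(f"{ip} has no PTR record")
        return ptr_records[ip], [], [ip]
    return forward, reverse

# Constructed sample zone data: the CMC has an A record but no PTR record.
SAMPLE_A = {"dc01.example.test": "192.0.2.10", "cmc01.example.test": "192.0.2.20"}
SAMPLE_PTR = {"192.0.2.10": "DC01.example.test."}

if __name__ == "__main__":
    fwd, rev = table_resolvers(SAMPLE_A, SAMPLE_PTR)
    for host in ("dc01.example.test", "cmc01.example.test"):
        ok, detail = check_reverse_dns(host, fwd, rev)
        print("OK  " if ok else "FAIL", detail)
```

Calling `check_reverse_dns(name)` without the resolver arguments queries the DNS server the local system is configured to use.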
