action.skip

Windows Authentication - Kerberos

Kerberos is an authentication protocol that uses cryptographic tickets to avoid transmitting plain text passwords. Clients obtain ticket-granting tickets from the Kerberos Key Distribution Center (KDC) and present those tickets as their network credentials to gain access to services.

In Host Access for the Cloud, Kerberos allows end users to access their host sessions on the session server without being prompted for credentials.

Note

Kerberos authentication to AS/400 hosts is also supported, however that functionality is not yet integrated with Kerberos for authenticating end users accessing the session server.

Steps to configure Kerberos

  1. OAuth must first be enabled before configuring Kerberos.

  2. Configure Kerberos in the MSS Administrative Console.

Configure your browser for Kerberos

In order to sign in using Kerberos, your browser must be configured correctly for Windows Authentication via Kerberos and your machine must be a member of the proper domain (Kerberos realm). Please consult the help for your specific browser for instructions on how to enable Kerberos.

Launch sessions

HACloud sessions need no additional configuration to launch and authenticate using Kerberos, as long as your browser has been configured correctly for Windows Authentication / Kerberos. Just navigate to https://cluster-dns.mydomain.com and you'll be automatically logged into the HACloud session server.