GSSAPI Kerberos Authentication
Reflection for Secure IT supports client authentication using Kerberos V5, a common GSSAPI implementation. No password is required, nor is it necessary to distribute keys or certificates. Windows uses Kerberos for network authentication, and Reflection for Secure IT integrates with the Windows Kerberos implementation.
When this method is enabled, both the client and server can obtain user tickets automatically from the Windows credential cache, and use these tickets for authentication.
Note
When GSSAPI is enabled for client authentication, you can also configure the Secure Shell connection to use Kerberos for server authentication.
GSSAPI Kerberos V5 Pane
From the server console, click Configuration > Authentication > GSSAPI / Kerberos V5 .
The Secure Shell protocol supports Kerberos authentication via GSSAPI (Generic Security Services Application Programming Interface). Reflection for Secure IT supports Kerberos authentication when the KDC is a Windows domain controller. Both the client user and server host must be part of the same Windows domain.
| Setting | Description |
|---|---|
| Allow/Require/Deny | Deny is the default. |
More information