8

Configuring iDRAC6 for Single Sign-On or Smart Card Login

This section provides information to configure iDRAC6 for Smart Card login for local users and Active Directory users, and Single Sign-On (SSO) login for Active Directory users.

iDRAC6 supports Kerberos-based Active Directory authentication to support Active Directory Smart Card and SSO logins.

About Kerberos Authentication

Kerberos is a network authentication protocol that allows systems to communicate securely over a non-secure network. It achieves this by allowing the systems to prove their authenticity. To meet higher authentication enforcement standards, iDRAC6 now supports Kerberos-based Active Directory authentication to support Active Directory Smart Card and SSO logins.

Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008 use Kerberos as their default authentication method.

The iDRAC6 uses Kerberos to support two types of authentication mechanisms—Active Directory SSO and Active Directory Smart Card logins. For Active Directory SSO login, iDRAC6 uses the user credentials cached in the operating system after the user has logged in using a valid Active Directory account.

For Active Directory Smart Card login, iDRAC6 uses Smart Card-based two-factor authentication (TFA) as credentials to enable an Active Directory login. This is the follow-on feature to the local Smart Card authentication.

Kerberos authentication on iDRAC6 fails if the iDRAC6 time differs from the domain controller time. A maximum offset of 5 minutes is allowed. To enable successful authentication, synchronize the server time with the domain controller time and then reset the iDRAC6.
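
The following Python check of the 5-minute limit is an added example, not part of the Dell documentation. It reads the domain controller's clock over SNTP and compares it with an iDRAC6 clock reading. The function names, the ISO 8601 input format for the iDRAC6 reading, the use of UDP port 123 on the domain controller, and the sample timestamps are assumptions made for illustration.

```python
import socket
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH_DELTA = 2208988800          # seconds from 1900-01-01 to 1970-01-01
MAX_SKEW = timedelta(minutes=5)       # maximum offset stated in this section

def parse_sntp_reply(packet: bytes) -> datetime:
    """Return the server transmit time (UTC) from a 48-byte SNTP reply."""
    if len(packet) < 48:
        raise ValueError("SNTP reply shorter than 48 bytes")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x07, packet[1]
    if mode != 4:
        raise ValueError("packet is not a server reply (mode != 4)")
    if leap == 3 or stratum == 0:
        raise ValueError("time source reports an unsynchronized clock")
    seconds, fraction = struct.unpack("!II", packet[40:48])
    unix = seconds - NTP_EPOCH_DELTA + fraction / 2**32
    return datetime.fromtimestamp(unix, tz=timezone.utc)

def query_dc_time(host: str, timeout: float = 3.0) -> datetime:
    """Ask the domain controller's time service (assumed on UDP 123)."""
    request = b"\x1b" + 47 * b"\x00"   # LI=0, VN=3, Mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (host, 123))
        reply, _ = sock.recvfrom(512)
    return parse_sntp_reply(reply)

def check_skew(idrac_time: str, dc_time: datetime):
    """Compare an iDRAC6 reading (ISO 8601 with UTC offset) to DC time."""
    idrac = datetime.fromisoformat(idrac_time)
    if idrac.tzinfo is None:
        raise ValueError("iDRAC6 time needs an explicit UTC offset")
    offset = idrac - dc_time           # positive: iDRAC6 clock is ahead
    return offset.total_seconds(), abs(offset) <= MAX_SKEW

def make_reply(when: datetime, leap: int = 0, stratum: int = 2) -> bytes:
    """Build a constructed SNTP reply so the check can run offline."""
    secs = int(when.timestamp()) + NTP_EPOCH_DELTA
    return (bytes([(leap << 6) | (3 << 3) | 4, stratum]) + 38 * b"\x00"
            + struct.pack("!II", secs, 0))

if __name__ == "__main__":
    # Constructed sample values; use query_dc_time("<dc-hostname>") on a real network.
    dc = parse_sntp_reply(make_reply(datetime(2010, 3, 1, 12, 0, tzinfo=timezone.utc)))
    for reading in ("2010-03-01T12:04:30+00:00", "2010-03-01T06:07:10-06:00"):
        print(reading, check_skew(reading, dc))
```

The second sample reading carries a -06:00 offset and is 430 seconds ahead of the domain controller once both are converted to UTC, so it falls outside the allowed window even though its wall-clock value looks unrelated.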
