Previous Topic: Configure the Java Location on Linux IA64 EndpointNext Topic: How UNAB Registration Works in a Kerberos Enabled Environment


Kerberos and SSO Considerations

You can install and register UNAB on a Kerberos enabled endpoint to leverage the Kerberos Single Sign On (SSO) service to authenticate once and log into multiple endpoints with the same user credentials. If not configured, you enable SSO functionality on the endpoint by installing and configuring Kerberized network services and applications.

Because configurations differ between systems, we strongly recommend that you do the following before you enable Kerberos and SSO on the endpoint:

Note: For more system-specific Kerberos and SSO configuration, see your system documentation.

Example: Configure Kerberos on Solaris

The following example shows you the configuration required to configure Kerberos on Solaris. In this example, you install and configure Solaris packages to enable Kerberos.

Important! You may need to install and configure additional packages to configure the system you are using for Kerberos.

The following is a snippet from the /etc/pam.conf file displays the added sections that enable Kerberos authentication for rlogin, rsh and telnet:

# Kerberized rlogin service
#
krlogin	auth required		pam_unix_cred.so.1
krlogin	auth required		pam_krb5.so.1
#
# rsh service (explicit because of pam_rhost_auth, 
# and pam_unix_auth for meaningful pam_setcred) 
#
rsh	auth sufficient		pam_rhosts_auth.so.1
rsh	auth required		pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh	auth required		pam_unix_cred.so.1
krsh	auth required		pam_krb5.so.1
#
# Kerberized telnet service
#
ktelnet	auth required		pam_unix_cred.so.1
ktelnet	auth required		pam_krb5.so.1