Previous Topic: Kerberos and SSO ConsiderationsNext Topic: Enable a UNAB Host for SSO


How UNAB Registration Works in a Kerberos Enabled Environment

When you register the host in Active Directory, UNAB creates user tickets in the same location as native Kerberos. The user can then transparently proceed to using kerberized application without having to acquire a Ticket Granting Ticket (TGT) manually.

The UNAB registration process in a Kerberos enabled host is as follows:

  1. You run the uxconsole -register command and specify the -sso argument to register UNAB in Active Directory.

    The -sso argument forces the uxconsole to use the host Kerberos files and not the uxauth.ini file.

  2. uxconsole verifies that UNAB can use the host Kerberos file for configuration purposes. One of the following occurs:
    1. uxconsole identifies that the file contains the required domain information to register UNAB.
    2. uxconsole identifies that the file does not contain the required information to register.
  3. If the file does not contain the information, UNAB creates a backup of the original file and sets the kerberos_configuration token to internal.

    Note: If you remove UNAB from Active Directory using the uxconsole -deregister command, the Kerberos configuration file is not modified nor is the backup file removed.

  4. If the file contains the required information, the uxconsole sets the kerberos_configuration token to standard.
  5. The uxconsole continues with the registration process.

    Note: For more information about the uxconsole -register command and the seos.ini kerberos_configuration token, refer to the Reference Guide.

Important! If the Kerberos file on the host does not contain the required information to register UNAB, the registration fails.