Previous Topic: How UNAB Registration Works in a Kerberos Enabled EnvironmentNext Topic: Check for System Compliance


Enable a UNAB Host for SSO

You can configure UNAB host for SSO to enable Active Directory users logged in to one UNAB host to log in to another UNAB host with their user names. In SSO enabled mode, UNAB maintains the keys it generated in the UNIX repository. Kerberos enabled applications use the keys to authenticate users when they log into another host.

Important! Verify that each host that you enable UNAB in SSO mode on is Kerberos enabled. Use the uxpreinstall utility to check for system compliance before you begin this procedure.

To enable a UNAB host for SSO

  1. Log in to the UNIX host as root.
  2. Register UNAB with Active Directory in SSO mode. Run the following command:
    ./uxconsole -register -d<active_directory_domain> -sso
    

    Note: You do not need to de-register UNAB before you register UNAB in SSO mode.

  3. Activate UNAB to enable users to log in to the UNIX host. Run the following command:
    ./uxconsole -activate
    
  4. Verify that the Kerberos mode is set to Standard using the -status -detail arguments. For example:
    ./uxconsole -status -detail | grep Kerberos
    
    Kerberos configuration - standard
    

    You have configured the UNAB host for SSO.