Previous Topic: Windows Authentication Schemes

Next Topic: Windows Authentication Scheme Prerequisites

Kerberos Support

Kerberos is used for domain authentication in Windows 2000 with user and computer principals stored in Active Directory. Kerberos provides a platform independent architecture for authentication and single sign-on. However, this support is limited to Microsoft Web servers and browsers running Windows 2000, Windows XP and .NET.

SiteMinder supports Kerberos authentication indirectly using Windows authentication scheme. With SiteMinder 4.61, you can use Kerberos authentication only when the Web server is Microsoft IIS and the browser is Microsoft IE. SiteMinder Release 5.x supports using any SiteMinder Web Agent by allowing redirected NTLM authentication to an IIS server.

Users who login to their desktop using NT authentication, and use IE to access e-Business applications deployed on any Web server (including non-IIS Web servers), can login to SiteMinder without being re-challenged as long as there is one IIS web-server configured to use SiteMinder. This powerful capability allows the user to remember only their desktop password and still gives the enterprise the flexibility to choose the platform that is right for the application.


Copyright © 2010 CA. All rights reserved. Email CA about this topic