Filter
Top Products
Configuring iDRAC6 for Single Sign-On or Smart Card Login
8
Configuring iDRAC6 for Single Sign-
On or Smart Card Login
This section provides information to configure iDRAC6 for Smart Card login
for local users and Active Directory users, and Single Sign-On (SSO) login for
Active Directory users.
iDRAC6 supports Kerberos based Active Directory authentication to support
Active Directory Smart Card and SSO logins.
About Kerberos Authentication
Kerberos is a network authentication protocol that allows systems to
communicate securely over a non-secure network. It achieves this by allowing
the systems to prove their authenticity. To keep with the higher
authentication enforcement standards, iDRAC6 now supports Kerberos
based Active Directory authentication to support Active Directory Smart
Card and SSO logins.
Microsoft Windows 2000, Windows XP, Windows Server 2003,
Windows Vista, and Windows Server 2008 use Kerberos as their default
authentication method.
The iDRAC6 uses Kerberos to support two types of authentication
mechanisms—Active Directory SSO and Active Directory Smart Card logins.
For Active Directory SSO login, iDRAC6 uses the user credentials cached in
the operating system after the user has logged in using a valid Active
Directory account.
For Active Directory smart card login, iDRAC6 uses smart card-based two
factor authentication (TFA) as credentials to enable an Active Directory
login. This is the follow on feature to the local Smart Card authentication.
Kerberos authentication on iDRAC6 fails if the iDRAC6 time differs from
the domain controller time. A maximum offset of 5 minutes is allowed.
To enable successful authentication, synchronize the server time with the
domain controller time and then reset the iDRAC6.