Kerberos authentication

Kerberos authentication provides secure silent authentication for Web browser clients. The client gets a Kerberos ticket for the Web service, then sends its Kerberos credentials to the Web server. The mod_auth_centrifydc module then uses Kerberos algorithms to validate the user’s credentials.

To enable Kerberos authentication:

  • The Web page, Web directory, virtual Web site, or entire Web site must be configured to be protected with Kerberos authentication.
  • The Web browser client must support Kerberos. See Configuring silent authentication to learn how to configure Internet Explorer and Firefox to use Kerberos for silent authentication.
  • The Windows user to be authenticated must specify an Active Directory domain account by either logging in using an Active Directory domain account or specifying a fully qualified domain name when prompted.
  • The Web server must be joined to a domain in the same forest as the client’s Active Directory account.