Figure 3-1
Active Directory Domain: ad.novell.com
Vista/XP Clients
Access Gateway
Protected Resource for Web Server
Contract: Kerberos contract
Kerberos requires the following configuration tasks:
Section 3.4.1, "Prerequisites," on page 114
Section 3.4.2, "Configuring Active Directory," on page 115
Section 3.4.3, "Configuring the Identity Server," on page 117
Section 3.4.4, "Configuring the Clients," on page 123
Section 3.4.5, "Configuring the Access Gateway for Kerberos Authentication," on page 124
Section 3.4.6, "Upgrading from Access Manager 3.0 SP4 or 3.1," on page 124
3.4.1 Prerequisites
Kerberos authentication is supported for the following configuration:
Clients must be running one of the following operating systems:
Windows XP with Internet Explorer 7. Some minimal testing has been done with Internet
Explorer 6. To make Kerberos work with Internet Explorer 6, you need to enable integrated
Windows authentication. For information on how to enable this feature, see
Uses NTLM instead of Kerberos"
Windows Vista* with the latest version of Internet Explorer.
114 Novell Access Manager 3.1 SP1 Identity Server Guide
Example Kerberos Configuration
Active Directory
Identity Server User
First Name: amser
User Logon Name: amser.provo.novell.com
SPN: HTTP/amser.provo.novell.com@REALM.NOVELL.COM
Identity Server
Files: nidpkey.keytab,
Kerberos: class, method, contract
User store: Active Directory
bcsLogin.conf
(http://technet.microsoft.com/en-us/library/cc779070.aspx).
Web Server
"Authentication
Need help?
Do you have a question about the ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER and is the answer not in the manual?