Manualshelf

Users Guide

ManualsBrandsDell ManualsActive System ManagerChassis Management Controller Version 5.20 for Dell PowerEdge M1000E
141142143144145146147148149150
10
Configuring CMC For Single Sign-On Or Smart
Card Login
This section provides information to configure CMC for Smart Card login and Single Sign-On (SSO) login for Active Directory users.
Starting with CMC version 2.10, CMC supports Kerberos based Active Directory authentication to support Smart Card and SSO
logins.
SSO uses kerberos as an authentication method allowing users who have signed in to the domain to have an automatic or single
sign-on to subsequent applications such as Exchange. For single sign-on login, CMC uses the client system’s credentials, which are
cached by the operating system after you log in using a valid Active Directory account.
Two-factor-authentication, provides a higher-level of security by requiring users to have a password or PIN and a physical card
containing a private key or digital certificate. Kerberos uses this two-factor authentication mechanism allowing systems to prove
their authenticity.
NOTE: Selecting a login method does not set policy attributes with respect to other login interfaces, for example, SSH.
You must set other policy attributes for other login interfaces as well. If you want to disable all other login interfaces,
navigate to the Services page and disable all (or some) login interfaces.
Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows 7, and Windows Server 2008 can use
Kerberos as the authentication mechanism for SSO and smart card login.
For information on Kerberos, see the Microsoft website.
Related links
System Requirements
Prerequisites For Single Sign-On Or Smart Card Login
Configuring CMC SSO Or Smart Card Login For Active Directory Users
System Requirements
To use the Kerberos authentication, the network must include:
DNS server
Microsoft Active Directory Server
NOTE: If you are using Active Directory on Windows 2003, make sure that you have the latest service packs and
patches installed on the client system. If you are using Active Directory on Windows 2008, make sure that you have
installed SP1 along with the following hot fixes:
Windows6.0-KB951191-x86.msu for the KTPASS utility. Without this patch the utility generates bad keytab files.
Windows6.0-KB957072-x86.msu for using GSS_API and SSL transactions during an LDAP bind.
Kerberos Key Distribution Center (packaged with the Active Directory Server software).
DHCP server (recommended).
The DNS server reverse zone must have an entry for the Active Directory server and CMC.
Client Systems
For only Smart Card login, the client system must have the Microsoft Visual C++ 2005 redistributable. For more information see
www.microsoft.com/downloads/details.aspx?FamilyID= 32BC1BEEA3F9-4C13-9C99-220B62A191EE&displaylang=en
For Single Sign-On or smart card login, the client system must be a part of the Active Directory domain and Kerberos Realm.
143