Installation Manual

ManualsBrandsHP ManualsComputers & AccessoriesHigh-End HP ProLiant DL360P G8 Server 2 x 2.90Ghz E5-2690 8C 192GB 8x Caddies (Certified Refurbished)

271

272

273

274

275

276

277

278

279

280

24 Kerberos authentication and Directory services

Kerberos authentication with iLO

Kerberos support enables a user to log in to iLO by clicking the Zero Sign In button on the login

page instead of entering a user name and password. To log in successfully, the client workstation

must be logged in to the domain, and the user must be a member of a directory group for which

iLO is configured. If the workstation is not logged in to the domain, the user can log in to iLO by

using the Kerberos UPN and domain password.

Because a system administrator establishes a trust relationship between iLO and the domain

before user sign-on, any form of authentication (including two-factor authentication) is supported.

For information about configuring a user account to support two-factor authentication, see the

server operating system documentation.

Configuring Kerberos authentication

Process overview:

1. Configure the iLO host name and domain name.

2. Prepare the domain controller for Kerberos support.

3. Generate a Kerberos keytab file.

4. Verify that your environment meets the Kerberos authentication time requirements.

5. Configure Kerberos support in iLO

6. Configure supported browsers for single-sign-on

7. Install an iLO Advanced license to enable Kerberos Authentication.

Configuring the iLO hostname and domain name for Kerberos authentication

If a DHCP server does not supply the domain name or DNS servers you want to use:

1. Navigate to the Network→iLO Dedicated Network Port page.

2. Click the IPv4 tab.

3. Clear the following check boxes, and then click Submit.

• Use DHCPv4 Supplied Domain Name

• Use DHCPv4 Supplied DNS Servers

4. Click the IPv6 tab.

5. Clear the following check boxes, and then click Submit.

• Use DHCPv6 Supplied Domain Name

• Use DHCPv6 Supplied DNS Servers

6. Click the General tab.

7. Optional: Update the iLO Subsystem Name (Hostname).

8. Update the Domain Name.

9. Click Submit.

10. Click Reset to restart iLO.

iLO hostname and domain name requirements for Kerberos authentication

• Domain Name—The iLO domain name value must match the Kerberos realm name, which

is typically the domain name converted to uppercase letters. For example, if the parent

domain name is somedomain.net, the Kerberos realm name is SOMEDOMAIN.NET.

• iLO Subsystem Name (Hostname)—The configured iLO hostname must be identical to

the iLO hostname that you use when you generate the keytab file. The iLO hostname is

case sensitive.

278 Kerberos authentication and Directory services