Limitations

When using an external Kerberos authenticator, the appliance can support Kerberos authentication only. It cannot support NTLM authentication.

The Windows NTLM implementation requires that the same connection be used throughout the multiple stages of the authentication process. WebSEAL cannot always provide the same connection for the whole authentication process. Therefore, a server that supports only NTLM authentication cannot be used as the Kerberos authenticator. Use a server that supports Kerberos authentication as the Kerberos authenticator. Note that Microsoft Internet Information Services (IIS) uses NTLM authentication by default.
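To check which mechanism a candidate authenticator server actually uses, the following added example (not part of the product documentation) classifies the `WWW-Authenticate` challenges a server returns and the token a browser sends back in the `Authorization` header. The function names and sample values are constructed for illustration, and the code assumes one challenge per header value.

```python
import base64

NTLMSSP = b"NTLMSSP\x00"                        # opens every NTLM message
SPNEGO_OID = bytes.fromhex("2b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("2a864886f712010202")  # 1.2.840.113554.1.2.2

def server_verdict(www_authenticate_values):
    """Classify the challenges from a server's 401 response."""
    schemes = {v.split(None, 1)[0].lower() for v in www_authenticate_values if v.strip()}
    if "negotiate" in schemes:
        return "negotiate-offered"   # Kerberos is possible; confirm with the token
    if "ntlm" in schemes:
        return "ntlm-only"           # unusable as the Kerberos authenticator
    return "no-windows-auth"

def classify_token(authorization_value):
    """Classify the token in an 'Authorization: Negotiate|NTLM <base64>' value."""
    _scheme, _, b64 = authorization_value.strip().partition(" ")
    try:
        blob = base64.b64decode(b64.strip(), validate=True)
    except ValueError:               # binascii.Error is a ValueError subclass
        return "invalid"
    if NTLMSSP in blob:              # raw NTLM, or NTLM carried inside Negotiate
        return "ntlm"
    if blob[:1] == b"\x60" and KRB5_OID in blob:
        return "kerberos"
    return "unknown"

# Constructed samples: message headers only, no real credentials or tickets.
SAMPLE_NTLM = "Negotiate " + base64.b64encode(
    NTLMSSP + b"\x01\x00\x00\x00" + b"\x07\x82\x08\xa2").decode()
SAMPLE_KRB = "Negotiate " + base64.b64encode(
    b"\x60\x1b\x06\x06" + SPNEGO_OID
    + b"\xa0\x11\x30\x0f\xa0\x0d\x30\x0b\x06\x09" + KRB5_OID).decode()

if __name__ == "__main__":
    print(server_verdict(["NTLM"]))
    print(server_verdict(["Negotiate", "NTLM"]))
    print(classify_token(SAMPLE_NTLM))
    print(classify_token(SAMPLE_KRB))
```

A server that offers `Negotiate` can still end up with an NTLM token if the client cannot obtain a Kerberos service ticket, so check the token as well as the challenge.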
