Kerberos authentication through an External Authentication Interface (EAI)
The appliance internally supports Kerberos authentication for use with Windows clients to achieve Windows desktop single sign-on. Alternatively, we can configure a junctioned web server to handle Kerberos authentication on behalf of the appliance.
The junctioned web server acts as an External Authentication Interface (EAI) application and completes the Kerberos authentication. This web server, known as the Kerberos Authenticator, then passes the authenticated user identity back to the appliance in an EAI header. For information about EAI, see External authentication interface.
Topic index:
- Configure Kerberos authentication with an external Kerberos Authenticator
We can achieve Windows desktop single signon by configuring a Kerberos Authenticator to authenticate clients on behalf of the appliance.- Limitations
When using an external Kerberos authenticator, the appliance can support Kerberos authentication only. It cannot support NTLM authentication.
Parent topic: Authentication methods
Related concepts
- Basic authentication
- Forms authentication
- Client-side certificate authentication
- Token authentication
- Windows desktop single sign-on
- LTPA authentication
- OAuth Authentication
- OpenID Connect (OIDC) authentication
Related reference