Using the Windows Desktop SSO Authentication Module with Multiple Kerberos Domain Controllers
You can configure the Windows Desktop SSO authentication module to work with multiple Kerberos Domain Controllers. This is useful for deploying a failover Kerberos server.
When you configure the Windows Desktop SSO authentication module with a keytab file from one of the trusted domain controllers, any user belonging to any of the trusted domains can authenticate through the Windows Desktop SSO authentication module. Administrators can configure and manage trust relationships in environments containing multiple Active Directories.
To make the Windows domain controller a part of the trusted nodes, and to make the Windows domain controller work with the Windows Desktop SSO authentication module, the following conditions must be met:
-
You must use Windows 2003 or a later version.
-
The domain controller functional level must be set at Windows Server 2003.
-
Trust must be configured.
Trust configuration is beyond the scope of this document. The following links provide useful related information:
-
Configuring KDC Servers in System Administration Guide: Security Services
-
Configuring Cross-Realm Authentication in System Administration Guide: Security Services
The following procedures will help you navigate to the configuration areas of the Windows domain controller:
To Locate the Trust Configuration Window
-
From the Windows Start menu, choose Administrative Tools > Active Directory Domains and Trusts.
-
In the Active Directory Domains and Trusts window, right-click the domain name and click Properties.
-
Click the Trusts tab.
-
Click New.
To Promote the Domain Controller Functional
Level
- © 2010, Oracle Corporation and/or its affiliates