Copy the keytab files you created in the sectionTo Configure a UNIX Kerberos Domain Controller or the section To Configure Windows Active Directory and Domain Controller.
Place the copied files in the OpenSSO Enterprise host, in a directory such as /etc/opt/SUNWam/config.
Log into the OpenSSO Enterprise administration console as amadmin.
Go to Access Control > Default Realm > Authentication.
In the Module Instances page, click New.
Enter a name for the new login module, and then select Windows Desktop SSO. Click OK.
In the Module Instances page, click the name of the new login module and provide the following information:
HTTP/ openSSOhost.example.com@EXAMPLE.COM
/etc/opt/SUNWam/config/openSSOhost.HTTP.keytab
OPENSSOHOST.EXAMPLE.COM
Kerberos.example.com
If multiple Kerberos Domain Controllers exist for failover purposes, all Kerberos Domain Controllers can be set using a colon (:) as the separator.
False
0
Restart the OpenSSO Enterprise server.
If OpenSSO Enterprise is deployed on IBM Websphere, then Keytab File Name has to be specified in FILE:// format. Example: FILE:///etc/opt/SUNWam/config/openSSOhost.HTTP.keytab.
If OpenSSO Enterprise is deployed on IBM Websphere, the keytab file has to use the DES-CBC-MD5 crypto option. After restarting the server, the administrator can access the module with a browser pointing to this URL: http://openSSOhost.example.com/amserver/UI/Login?module=WinSSO.The browser should no longer prompt the user for userid and password.