Secure Application Login with Kerberos/GSSAPI
When both the client and server are located in the same Windows (NT or Active Directory) domain, it is possible to integrate Windows Domain logon to the SSH Tectia client/server solution. This means that when a user logs on to a Windows Domain, the user gets a "ticket" that can be used for authenticating the user to SSH Tectia Server. The authentication procedure is then non-interactive; the user is not prompted to enter a password when SSH Tectia Client or ConnectSecure are connecting to SSH Tectia Server.
GSSAPI authentication can also be used in a mixed Windows/Unix environment. On Unix, GSSAPI interoperates with standard Kerberos implementations that provide a GSSAPI mechanism.
Active Directory/Kerberos is used in the Windows 2000/2003 Domains.
Figure 5.6. Secure application connectivity through GSSAPI
Copyright 2010 SSH Communications Security Corp. This software is protected by international copyright laws. All rights reserved. Contact Information