Kerberos Autologin

Autologin System Design

The autologin mechanism implemented in Active Directory is based on the Kerberos standard. For HTTP authentication, the SPNEGO token format (RFC 4178) is used together with an extension to the HTTP protocol (RFC 4559).
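When troubleshooting autologin, it helps to confirm that the client's `Authorization: Negotiate` header really carries an SPNEGO token that offers Kerberos rather than NTLM. The following is an added example, not part of the original documentation or of Stages; the function names and the sample token are constructed for illustration, and only the initial token (NegTokenInit) is handled.

```python
import base64
SPNEGO_OID = bytes.fromhex("2b0601050502")  # 1.3.6.1.5.5.2
MECHS = {
    bytes.fromhex("2a864886f712010202"): "kerberos",     # 1.2.840.113554.1.2.2
    bytes.fromhex("2a864882f712010202"): "kerberos-ms",  # 1.2.840.48018.1.2.2
    bytes.fromhex("2b06010401823702020a"): "ntlm",       # 1.3.6.1.4.1.311.2.2.10
}
# Constructed sample: NegTokenInit offering Kerberos, then NTLM (no mechToken).
SAMPLE = "Negotiate " + base64.b64encode(bytes.fromhex(
    "602706062b0601050502a01d301ba019301706092a864886f712010202"
    "060a2b06010401823702020a")).decode()

def read_tlv(buf):
    """Split one DER element off buf: returns (tag, value, rest)."""
    if len(buf) < 2:
        raise ValueError("truncated DER element")
    tag, length, pos = buf[0], buf[1], 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        pos += length & 0x7F
        length = int.from_bytes(buf[2:pos], "big")
    if len(buf) < pos + length:
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], buf[pos + length:]

def expect(buf, want_tag):  # read one element and require its tag
    tag, value, rest = read_tlv(buf)
    if tag != want_tag:
        raise ValueError(f"expected tag {want_tag:#x}, got {tag:#x}")
    return value, rest

def offered_mechs(header_value):
    """Mechanisms offered by an 'Authorization: Negotiate ...' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        raise ValueError("not a Negotiate header")
    token = base64.b64decode(b64.strip(), validate=True)
    if token.startswith(b"NTLMSSP\x00"):  # bare NTLM, no SPNEGO wrapper
        return ["raw-ntlm"]
    body, _ = expect(token, 0x60)         # GSS-API initial context token
    oid, rest = expect(body, 0x06)
    if oid != SPNEGO_OID:
        raise ValueError("token is not SPNEGO")
    for tag in (0xA0, 0x30, 0xA0, 0x30):  # NegTokenInit -> mechTypes -> OID list
        rest, _ = expect(rest, tag)
    mechs = []
    while rest:
        oid, rest = expect(rest, 0x06)
        mechs.append(MECHS.get(oid, oid.hex()))
    return mechs
```

A result of `["raw-ntlm"]` or a list without a Kerberos entry means the client is not attempting Kerberos at all.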

Kerberos requires a KDC (Key Distribution Center), which is configured by the Active Directory Management Utilities. Each member of the Active Directory maintains a trust relationship to the KDC. For Windows clients, it is the computer account inside the Active Directory. For third-party systems (like Unix or Stages), it is a specifically configured user account whose credentials are exported to a keytab file.

Configuring the trust relationship between Stages and the KDC is necessary to enable Autologin support. The following sections will guide you step-by-step through this maintenance process.