Differences

This shows you the differences between two versions of the page.

Link to this comparison view

72:autologin_system_design [2018/07/06 15:51]
bkkr created
72:autologin_system_design [2018/07/06 15:52] (current)
bkkr [Autologin System Design]
Line 2: Line 2:
  
 ====== Autologin System Design ====== ====== Autologin System Design ======
 +
 +The autologin mechanism implemented in Active Directory is based on the Kerberos standard. For HTTP authentication the SPNego token format (RFC4178) is used together with an extension to the HTTP protocol (RFC 4559).
 +
 +Kerberos requires a KDC (Key Distribution Center), which is configured by the Active Directory Management Utilities. Each member of the Active Directory maintains a trust relationship to the KDC. For Windows Clients, it is the Computer Account inside the Active Directory. For 3rd party systems (like Unix or Stages) it is a specifically configured user account, which has its credentials exported to a keytab file.
 +
 +{{:​72:​19243c481c3a9f9c6a8fa2b7f798e02f.png}}
 +
 +Configuring the trust relationship between Stages and the KDC is necessary to enable Autologin support. The following sections will guide you step-by-step through this maintenance process.