User Authentication
273
n
ov
do
cx (e
n)
16
Ap
ril 20
10
For more information, see the
Microsoft TechNet Web site (http://technet.microsoft.com/en-us/
library/cc753771(WS.10).aspx)
.
For example, if you created a user called atsserver in your domain, you would run the following
command from the command prompt:
ktpass /princ host/atsserver.users.
myserver
.com@
MYSERVER
.COM -pass
atsserver_password
-mapuser atsserver -out atsserver.keytab -mapOp set -
ptype KRB5_NT_PRINCIPAL
This command creates a keytab file and modifies the user atsserver to be a Kerberos principal.
2
Import the keytab file into ZENworks Control Center.
2a
In ZENworks Control Center, click the
Configuration
tab, click
Infrastructure
Management
, then click
User Source Settings
.
2b
Click to browse to and select the keytab file.
2c
Click OK to import the file.
Enabling Kerberos Authentication While Adding a User Source
You can enable Kerberos authentication while adding a user source. For more information see
Section 31.2.1, “Adding User Sources,” on page 258
.
Enabling Kerberos Authentication on an Existing User Source
You can enable Kerberos authentication on an existing user source.
1
In ZENworks Control Center, click the
Configuration
tab.
2
In the User Sources panel, click the user source, then click
Edit
next to
Authentication
Mechanisms
in the General section.
3
Select the
Kerberos
check box, then click
OK
.
Understanding How Kerberos Authentication and the ZENworks Login Dialog Box
Interact
The following table illustrates the ZENworks user experience using Kerberos authentication with
Active Directory:
Table 32-1
ZENworks Kerberos Authentication with Active Directory
Windows
login
matches
user
source
login?
ZENworks also
uses Username/
Password
authentication?
Member of
same
domain?
Member of
different
domain?
Windows and
ZENworks
credentials
match?
Can log in to
Management
Zone?
ZENworks
login dialog
box appears?
Yes
No
Yes
No
Yes
Yes
No
No
No
No