LDAP Authentication Method

Administration > IWSVA Configuration > User Identification | User Identification

If your LDAP is Microsoft Active Directory, OpenLDAP or Novell eDirectory, specify the following settings to match the authentication method used by your Kerberos KDC (key distribution center):

• Advanced

Advanced authentication consists of sending the user's FQDN and password in encrypted form.

• For increased security protection, IWSVA uses the advanced authentication method (Kerberos or Digest-MD5) for all subsequent user logon authentications from IWSVA to the LDAP server. In addition, IWSVA still validates user credential using Kerberos authentication method even when you select simple authentication on the LDAP server.

• Default Realm

Enter the default realm of the LDAP server in the following format: hostname.subdomain.domain.com

• Default Domain

Enter the default domain of the LDAP server in the following format: domain.com

• KDC and admin Server

Enter the FQDN or DNS host name of the KDC server in the following format: hostname.subdomain.domain.com

• KDC port number

The default Kerberos KDC port is 88.

Contact your LDAP administrator for this information, or check the server's configuration files.  Typical file locations:

• /etc/krb5/krb5.conf                [Solaris]

• /etc/krb5.conf                     [Linux]

See also

• LDAP Settings