Skip to content

Set Up Kerberos for AS/400 Single Sign-on

Kerberos is an authentication protocol that uses cryptographic tickets to avoid transmitting plain text passwords. Client services obtain ticket-granting tickets from the Kerberos Key Distribution Center (KDC) and present those tickets as their network credentials to gain access to services.


Kerberos support in HACloud is used for AS/400 single sign-on. HACloud does not yet support end user authentication to the session server via Kerberos. MSS must be configured with an authentication method that results in a user principle that is resolvable in the Kerberos Active Directory domain, for example LDAP, SAML, or Siteminder. Kerberos support on the AS/400 only works with Windows Active Directory Server.

By using Kerberos, after an initial domain sign-on, users do not have to enter their credentials when accessing AS/400 sessions in Host Access for the Cloud.

An overview of enabling and using this feature can be found in the MSS Administrative Console > Host Access for the Cloud panel documentation.

MSS Admin Console

Choose Host Access for the Cloud from the drop down list, then select Kerberos Settings, and click the Help button:

MSS Kerberos