Set Up Kerberos for AS/400 Single Sign-on
Kerberos is an authentication protocol that uses cryptographic tickets to avoid transmitting plain text passwords. Client services obtain ticket-granting tickets from the Kerberos Key Distribution Center (KDC) and present those tickets as their network credentials to gain access to services.
Note
Kerberos authentication for end users accessing the session server is also supported, however that functionaltiy is not yet integrated with Kerberos for AS/400 authentication. This feature allows for automated sign on from the session server to an AS/400 host. MSS must be configured with an authentication method that results in a user principle that is resolvable in the Kerberos Active Directory domain, for example LDAP, SAML, or Siteminder. A Windows Active Directory Server is required.
By using Kerberos, after an initial domain sign-on, users do not have to enter their credentials when accessing AS/400 sessions in Host Access for the Cloud.
An overview of enabling and using this feature can be found in the MSS Administrative Console > Host Access for the Cloud panel documentation.
Choose Host Access for the Cloud from the drop down list, then select Kerberos Settings, and click the Help button:
