Option | Description |
--- | --- |
Simple | The client sends the LDAP server its fully qualified domain name and a clear-text password. This authentication mechanism can be used within an encrypted channel such as SSL, if it is supported by the LDAP server. |
Digest | Sets the security authentication mechanism to DIGEST-MD5. |
Kerberos | Enables authentication against an LDAP service that has Kerberos authentication, such as Microsoft Active Directory, without transmitting passwords, encrypted or otherwise, over the network. Authentication is done by obtaining a cached ticket-granting ticket from the system's underlying Kerberos implementation, and using it to obtain service tickets from the ticket-granting service for the other services in use. Required configuration: a. TDV JRE installation must be 1.6.0_44 or higher. b. Update the krb5.conf or krb5.ini file to include details of the Kerberos realm that the LDAP domain with Kerberos authentication belongs to, with the following information: (1) A new realm tag, containing the Key Distribution Center (KDC) hostname, default domain name, KDC admin server hostname, KDC password server hostname, supported encryption types and principal name to user name mappings (if necessary). Other properties might be necessary, based on your unique Kerberos realm configuration. Cross-realm authentication is not supported. (2) One or more entries in the domain_realms section to specify local domain name to Kerberos realm mappings. (3) Only if necessary, modify the libdefaults section of your configuration file. After this option is enabled, the behavior of TDV is modified in a way that will be unique to your location. It is recommended that you make your users aware that when logging into TDV as a user on an LDAP domain with Kerberos authentication, the password field is non-editable. For additional information on how TDV user names and passwords are managed, see About Kerberos Configuration Files and LDAP Login Credentials. |
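
A pre-deployment check for the krb5.conf changes listed under the Kerberos option, as an added example that is not part of the TDV documentation or product. It assumes the standard krb5.conf key and section names (`kdc`, `admin_server`, `kpasswd_server`, `default_domain`, `[domain_realm]`, `permitted_enctypes` in `[libdefaults]`); the realm, host names and the `parse`/`check` helpers are constructed for illustration, and flagging legacy encryption types goes beyond what the table requires.

```python
import re
# Constructed sample krb5.conf: realm, hosts and domain are placeholders.
SAMPLE = """\
[libdefaults]
  permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
[realms]
  EXAMPLE.COM = {
    kdc = kdc1.example.com
    admin_server = kdc1.example.com
    default_domain = example.com
  }
[domain_realm]
  .example.com = EXAMPLE.COM
"""
REALM_KEYS = ("kdc", "admin_server", "kpasswd_server", "default_domain")
WEAK = ("des", "rc4", "arcfour")  # legacy enctype prefixes worth flagging

def parse(text):
    """Return {section: {key: value}}; a realm's { } block becomes a nested dict."""
    conf, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        head = re.fullmatch(r"\[(\w+)\]", line)
        if head:
            section, block = conf.setdefault(head.group(1), {}), None
        elif line == "}":
            block = None
        elif section is not None and "=" in line:
            key, val = (s.strip() for s in line.split("=", 1))
            if val == "{":
                block = section.setdefault(key, {})
            else:
                (section if block is None else block)[key] = val
    return conf

def check(text, realm):
    """List what is missing for `realm`, plus any weak permitted_enctypes."""
    conf = parse(text)
    entry = conf.get("realms", {}).get(realm)
    if entry is None:
        return [f"no [realms] entry for {realm}"]
    found = [f"[realms] {realm}: missing {k}" for k in REALM_KEYS if k not in entry]
    if realm not in conf.get("domain_realm", {}).values():
        found.append(f"no [domain_realm] mapping to {realm}")
    enctypes = conf.get("libdefaults", {}).get("permitted_enctypes", "").split()
    found += [f"weak enctype permitted: {e}" for e in enctypes if e.startswith(WEAK)]
    return found
```

Calling `check(SAMPLE, "EXAMPLE.COM")` reports the missing password server entry and the permitted RC4 encryption type; an empty list means every item the table lists for the realm is present.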