Connect Using Kerberos

Kerberos is a protocol that uses a trusted third party to enable secure communications over a TCP/IP network. The protocol uses encrypted tickets rather than plain-text passwords for secure network authentication and also supports encryption of the data stream.

After you configure a session using Kerberos, you can export these settings to an XML file in order to deploy them. The first time a user opens a Reflection Kerberos session, these settings are imported into the registry.

NOTE:Kerberos connections are available for VT terminal sessions.

Before you start

Make sure you know the following information:

If you are configuring Kerberos using Windows credentials:

  • You must be logged into a Windows domain.

  • You must know the fully qualified name of a host that is running a kerberized server application (such as telnetd or ftpd) and that has been joined to the Windows domain.

If you are configuring Kerberos using a KDC, Make sure your system has a KDC server and that you know:

  • The fully-qualified name of a host that is properly configured and running a kerberized server application (such as telnetd or ftpd).

  • The fully qualified KDC host name.

  • The Kerberos principal (and password) with which you will be authenticating.

  • The Kerberos realm.

To configure a secure terminal session using Kerberos

  1. From the Create New Document dialog box, select a session template and click Create.

  2. For Host Name/IP Address, enter the fully qualified host name.

  3. Select Configure additional settings, and then click OK.

  4. Under Host Connection, click Set Up Connection Security.

  5. From the Security Properties dialog box, click the Kerberos tab, and select Reflection Kerberos.

    NOTE:Unless your PC has a Kerberos Manager configuration file installed, the Reflection Kerberos Initial Configuration dialog box is displayed the first time you use Reflection Kerberos. You must specify default Kerberos settings in this dialog box before you can make a connection.

  6. Do one of the following:

    • Select Use Windows logon values.

      -OR-

    • Enter values for Default Principal, Default Realm, and KDC host name.

  7. Click OK to close the Reflection Kerberos Initial Configuration dialog box.

  8. Configure any additional Kerberos options that you want to use for this connection and click OK to close the Security Properties dialog box.

  9. Click OK to close the Settings for VT dialog box and initiate the connection. When prompted, enter your password.

  10. After a connection is established, click the Save button on the Quick Access toolbar and save the session document.

  11. Click OK to close the open dialog boxes and return to the workspace.