If the server host computer and client users are members of the same Windows domain, you can use GSSAPI to authenticate client users. With this configuration, the user authenticates using his or her Windows domain credentials, and therefore doesn't need to enter a password to connect to the server. If the domain accounts are configured to be trusted for delegation, the user can access other domain resources as well, such as printers and file servers.
NOTE:This procedure describes how to configure just client authentication using Windows credentials — server authentication still requires the server host key. To use GSSAPI and Windows credentials for mutual authentication, see Configure GSSAPI Server and Client Authentication.
To configure Windows domain accounts
Add the server computer and client computers to the Windows domain.
Launch the Active Directory Users and Computers console and add the client users to the domain.
(Optional) If you want to use delegation of authentication, configure user account to be trusted for delegation (
> > ).(Optional) If you want to use delegation of authentication, configure the server computer properties to trust this computer for delegation (
> ).To configure the Reflection for Secure IT server
Start the server console, and then click
.Go to
> , and then select or .Save your settings (
> ).To configure the Reflection for Secure IT client
Start the Reflection for Secure IT Client for Windows.
Open the
dialog box ( > > ).From the
tab, under , selectFrom the
tab:Select
(the default).(Optional) If you don't want the client to forward the Kerberos ticket to the server, clear
.Click
.The
dialog box closes.When you configure the user for your client connection, you may need to include both the domain and user name using the format domain\user. This is required if the server computer has a local account name that matches your domain account. For example, if the local computer has a "joe" account and you log on using a domain account for "joe", you need to connect from the client as:
mydomain\joe