A configuration overview for doing this in Windows 2000 and Active Directory is found in the MSDN (Microsoft Developer Network) article HTTP-Based Cross-Platform Authentication by Using the Negotiate Protocol, in section “Kerberos Infrastructure Configuration”. Currently, this article section is at URL: http://msdn.microsoft.com/en-us/library/ms995329.aspx#http-sso-1_topic3
From this article, the high-level process is as follows:
1. Create a User Account in Active Directory for each NiagaraAX host (JACE) and service.
2. Create the SPNs associated with each User Account—this must be done on a Domain Controller.
3. Generate the keytab files for each service.
4. Authenticate the UNIX hosts to the Kerberos realm.
5. Copy the keytab files to the NiagaraAX hosts (JACEs).
Greater detail on the first three steps above is in the article’s following section, Commands for SPNs, account mappings and keytab files.
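One way to check a generated keytab before copying it to a host, as an added example that is not from the MSDN article or from Tridium: a parser for the MIT keytab file format that lists each entry's principal, key version and encryption type, and reports a missing SPN or a DES/RC4 key. It assumes the keytab is in the version 0x0502 format; the realm, host name and SPN in the sample are constructed placeholders.

```python
import struct

# Deprecated Kerberos enctypes: single DES (RFC 6649) and RC4 (RFC 8429).
WEAK = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5", 23: "rc4-hmac"}

def _counted(rec, off):  # 16-bit length-prefixed string -> (bytes, next offset)
    (n,) = struct.unpack_from(">H", rec, off)
    return rec[off + 2:off + 2 + n], off + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        rec, pos = data[pos + 4:pos + 4 + abs(size)], pos + 4 + abs(size)
        if size <= 0:                      # negative size marks a deleted entry
            continue
        if len(rec) < size:
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", rec, 0)
        realm, off = _counted(rec, 2)
        comps = []
        for _ in range(ncomp):
            comp, off = _counted(rec, off)
            comps.append(comp.decode())
        _ntype, _ts, kvno, etype, klen = struct.unpack_from(">IIBHH", rec, off)
        off += 13 + klen                   # skip the fixed fields and the key
        if len(rec) - off >= 4:            # optional 32-bit kvno, used if nonzero
            kvno = struct.unpack_from(">I", rec, off)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
    return entries

def check_keytab(data, expected_spn):
    """Return findings; an empty list means SPN present and no weak keys."""
    entries = parse_keytab(data)
    findings = [] if any(p == expected_spn for p, _, _ in entries) else [
        "missing principal " + expected_spn]
    return findings + [f"{p} kvno {k}: weak enctype {WEAK[e]}"
                       for p, k, e in entries if e in WEAK]

def _entry(realm, comps, kvno, etype, key):  # builds constructed sample data only
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
    body += struct.pack(">IIBHH", 1, 0, kvno, etype, len(key)) + key
    return struct.pack(">i", len(body)) + body

_P = (b"EXAMPLE.COM", [b"HTTP", b"jace1.example.com"])  # constructed placeholder
SAMPLE = b"\x05\x02" + _entry(*_P, 3, 18, bytes(32)) + _entry(*_P, 3, 1, bytes(8))
```

Run `check_keytab` on the bytes of the real file, passing the SPN created for that host; the key material itself is skipped and never returned.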
Copyright © 2000-2014 Tridium Inc. All rights reserved.