Skip to Content
Aug 13, 2015 at 11:05 AM

Using Kerberos and X.509 for SSO



I have set up our systems to use X.509 certificates for SSO. The certificates are issued by our enterprise PKI. There is no SLS installed. I came across the Kerberos authentication setup videos and tried that on one system and it worked.

If I create the SNC pse with the same name as the SPN, would I be able to logon via x.509 certificate and Kerberos at the same time, depending on the SNC Name in SU01? Or do I have to decide for one or the other authentication process?

Regarding Web Access: I would have to maintain SPNEGO for Kerberos authentification and EXTID_DN for certificate based logon. Am I right?