Q. What Active Directory authentication methods are supported by the InterMapper Authentication server?
A. A: IMAuth supports basic authentication, with or without SSL, and DIGEST-MD5 encryption. Your AD server must support SSL, allow plaintext LDAP binds, or have the â€˜reversible encryptionâ€™ setting enabled for users you intend to authenticate. If your server doesnâ€™t meet these requirements, there are two alternate solutions:
1. Many networks with an AD domain controller also run Microsoft IAS, which may work better with IMAuth.
2. You can use ADâ€™s native Kerberos infrastructure. This requires you to create an â€˜imauthâ€™ user in AD, then use Microsoftâ€™s ktpass utility to produce an RC4-HMAC key for that user. This can then be uploaded as the Kerberos Service Key in IMAuthâ€™s Kerberos settings. The following tech-note describes this process in detail:
Using Kerberos with InterMapper