Use Reflection Kerberos for GSSAPI Authentication

This procedure configures Reflection Kerberos to use your Windows domain credentials to authenticate to a Secure Shell server. Kerberos authentication for Secure Shell connections is enabled for the currently specified SSH configuration scheme in the Secure Shell configuration file.

If the system administrator has installed a Kerberos configuration file on your PC, Reflection Kerberos is automatically configured the first time you start a Reflection application. Reflection Kerberos settings are stored in the registry on a per-user basis and are available to all Reflection applications that use the Kerberos client.

To use Reflection Kerberos for GSSAPI Authentication

  1. Open the Reflection Secure Shell Settings dialog box.
  2. On the General tab, select GSSAPI/Kerberos under User Authentication.
  3. On the GSSAPI tab, select Reflection Kerberos.
  4. Click Configure.
  5. In the Initial Configuration dialog box, type the principal name, realm, and KDC host. If your system is already configured for Kerberos, Reflection Kerberos Manager starts instead.

Note: After authentication, Reflection Kerberos forwards your Kerberos Ticket Granting Ticket (TGT) to the host. To disable ticket forwarding, see Kerberos Ticket Forwarding in Secure Shell Sessions.

Related Topics

Specifying the Service Principals for GSSAPI Secure Shell Sessions

Kerberos Ticket Forwarding in Secure Shell Sessions