Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.
1381 Discussions

Kerberos and IDE redirection, API question

vzvezda
Beginner
‎09-11-2007 11:01 PM
444 Views
Hi,

According to the AD integration guide:

A client application initiates an SOL or IDE-R session with an Intel AMT device by calling either IMR_IDEROpenTCPSession or IMR_SOLOpenTCPSession both are functions in the redirection library. These functions have as input parameters the username and password of the client. The library opens a socket with the Intel AMT device and negotiates the protocol to be used between them. If the SOL/IDE-R authentication was enabled, then the library will attempt to contact a ticket granting server for establishing a Kerberos connection. If this fails, the library will attempt to connect using the username/password combination.

So is it correct that only kerberos authentication credentials of current windows user can be used for SOL/IDE-R? Can I specify the credential (domain, user, password) of other user for SOL/IDE-R library?
0 Kudos

Link Copied

2 Replies
Ajith_I_Intel
Employee
‎09-13-2007 12:16 PM
444 Views

Hi earlnsk,

When using the kerberos authentication, the current windows user will negotiate the kerberos tokes to authenticate himself with Intel AMT device. Also this user needs to be added in the ACL in AMT along with the realm that can be accessed. If for some reason, kerberos connection cannot be established, the credentials entered as part of the username and password will be used. Once again, this set of username and password need to bepresent in the AMT device ACL list with the correct realms.

Also the AD integration guide says: Note that if the normal mode of operations is to connect using Kerberos, the username/password parameters to the library functions will be ignored.

Hope this helps.

0 Kudos
Copy link
vzvezda
Beginner
‎09-13-2007 10:13 PM
444 Views
Thank you for explanation.

So the redirection library use the following authentication schema:
1. Trying connect using current Windows user credentials (Kerberos).
2. If step 1 was not successful and BIOS settings are permits, user and password will be used (Digest user in ACL)

Kerberos credentials of other user cannot be specified to redirection library.

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.