When you log on a Linux, Unix, or Mac OS X computer by using your Active Directory domain credentials, Likewise initializes and maintains a Kerberos ticket granting ticket (TGT). The TGT lets you log on other computers joined to Active Directory or applications provisioned with a service principal name and be automatically authenticated with Kerberos and authorized for access through Active Directory. In a transparent process, the underlying Generic Security Services (GSS) system requests a Kerberos service ticket for the Kerberos-enabled application or server. The result: single sign-on.
To gain access to another computer, you can use various protocols and applications:
-
SSH (how to configure single sign-on for SSH)
-
rlogin
-
rsh
-
Telnet
-
FTP
-
Firefox (for browsing of intranet sites)
-
LDAP queries against Active Directory
-
HTTP with an Apache HTTP Server
具体内容: