Q. What Active Directory authentication methods are supported by the InterMapper Authentication server?

A. A: IMAuth supports basic authentication, with or without SSL, and DIGEST-MD5 encryption. Your AD server must support SSL, allow plaintext LDAP binds, or have the ‘reversible encryption’ setting enabled for users you intend to authenticate. If your server doesn’t meet these requirements, there are two alternate solutions:

1. Many networks with an AD domain controller also run Microsoft IAS, which may work better with IMAuth.

2. You can use AD’s native Kerberos infrastructure. This requires you to create an ‘imauth’ user in AD, then use Microsoft’s ktpass utility to produce an RC4-HMAC key for that user. This can then be uploaded as the Kerberos Service Key in IMAuth’s Kerberos settings. The following tech-note describes this process in detail:

Using Kerberos with InterMapper