NOTE: The keytab contains an encryption key and must be kept secure. For more information
about the ktpass utility, see the Microsoft Website.
Configuring CMC For Active Directory Schema
For information about configuring CMC for Active Directory standard schema, see Configuring Standard
Schema Active Directory.
For information about configuring CMC for Extended Schema Active Directory, see Extended Schema
Active Directory Overview.
Configuring Browser For SSO Login
Single Sign-On (SSO) is supported on Internet Explorer versions 6.0 and later, and Firefox versions 3.0 and
later.
NOTE: The following instructions are applicable only if CMC uses Single Sign-On with Kerberos
authentication.
Internet Explorer
To configure Internet Explorer for Single Sign-On:
1. In the Internet Explorer, select Tools → Internet Options.
2. On the Security tab, under Select a zone to view or change security settings, select Local Intranet.
3. Click Sites.
The Local Intranet dialog box is displayed.
4. Click Advanced .
The Local Intranet Advance Settings dialog box is displayed.
5. In the Add this site to the zone, type the name of CMC and the domain it belongs to and click Add.
NOTE: You can use a wildcard (*) to specify all devices or users in that domain.
Mozilla Firefox
1. In Firefox, type about:config in the Address bar.
NOTE: If the browser displays the This might void your warranty warning, click I'll be careful. I
promise.
2. In the Filter box, type negotiate.
The browser displays a list of preference names limited to those containing the word negotiate.
3. From the list, double-click network.negotiate-auth.trusted-uris.
4. In the Enter string value dialog box, type the CMC's domain name and click OK.
Configuring Browser For Smart Card Login
Internet Explorer — Make sure that the Internet Browser is configured to download Active-X plug-ins.
146