6.63 LceSetKerberosOn
This function indicates that the connection to the server will be made using Windows Credentials (Kerberos / Single Signon / SSO) rather than the User Id. This means that the user's Windows profile and password is used to sign on to the server. The server must have been configured for Single Sign On, and the user enrolled, before this can be done.
|
BOOL |
LceSetKerberosOn |
(int |
iSession) |
Parameters
|
iSession |
The session identifier as returned by LceSetKerberosOn. |
Return Values
TRUE is returned if the session can accept the value.
FALSE is returned if an error occurs.
Notes
If you use this function, you must also use the LceSetKerberosOff function.
- This function must be executed after LceGetSessionId and before LceOpenSession.
Kerberos works without further configuration directly to a server with no access outside that server, say to SQL Server or a file share.
If access outside of that 1 server is required – so called "multi-hop" – then this is what is supported:
1.Trust whole computer to *any* services – We have tested and proved this is working
2.Trust a specific domain user to *any* services – We have tested and proved this is working (this requires setting up listener properly to run as a specific user, see the attached document. This should be verified first using lcoecho)
If your environment does not allow one of these configurations then multi-hop cannot be used.
Related Functions