Generic Security Service Application Program Interface (GSSAPI) allows for passthrough authentication using Active Directory Kerberos Tickets. The protocol is supported on all operating systems including Windows, Mac, Linux, and Solaris. This allows for passwordless authentication. When used alongside MIT Kerberos, you can also have Kerberos tickets sent for passwordless AD authentication on the host server.
Sudo will …
PuTTY users may experience connection failures due to a Kerberos issue.
The “MIT Kerberos GSSAPI64.DLL” may not function properly
If the connection fails then in the PuTTY Configuration screen go to
Connection->SSH->Auth->GSSAPI and move the “Microsoft SSPI SECURE32.DLL” to first in order to prevent errors.
Two Factor Authentication (TFA) is a method of authentication that adds an additional layer of security to the logon process. As the name implies, it relies on two factors – something you have (a DOIAccess smart card credential) and something you know (the PIN for your smart card). TFA implementation is one of the Big 9 Initiatives in response to OMB and DOI mandates, …
