The integrated Kerberos Token Processor accepts and validates Kerberos tokens through
a configured Kerberos realm.
It supports authentication mechanism assurance
from Active Directory (AD) domain service, making it possible to restrict access to users
authenticating through specific mechanisms. For more information, see Authentication mechanism assurance.
Go to AuthenticationToken
ExchangeToken Processors.
On the Instance Configuration tab, select the applicable
domain from the Domain/Realm Name list.
An AD domain or a Kerberos realm must be configured for use with the Kerberos
Token Processor. If the domain you want does not appear, click Manage
Active Directory Domains/Kerberos Realms to add it. For more
information, see Active Directory and Kerberos.
Note:
Kerberos tickets can be accepted from domains other than the domain configured
in the token processor if there is a transient, two-way trust. This trust
exists by default when domains are joined within a single server forest. For
more information, see Multiple-domain support.