The firewall uses Kerberos single
sign-on (SSO) to transparently obtain user credentials from the
browser. To use this method, your network requires a Kerberos infrastructure,
including a key distribution center (KDC) with an authentication
server and ticket granting service. The firewall must have a Kerberos
account. If Kerberos SSO authentication fails, the firewall
falls back to web form or client certificate authentication, depending
on your Authentication policy and Authentication Portal configuration. |