When both the client and server are located in the same Windows (NT or Active Directory) domain, it is possible to integrate Windows Domain logon to the SSH Tectia client/server solution. This means that when a user logs on to a Windows Domain, the user gets a "ticket" that can be used for authenticating the user to SSH Tectia Server. The authentication procedure is then non-interactive; the user is not prompted to enter a password when SSH Tectia Connector or Client connects to SSH Tectia Server with Tunneling Expansion Pack.

GSSAPI authentication can also be used in a mixed Windows/Unix environment. On Unix, GSSAPI interoperates with standard Kerberos implementations that provide a GSSAPI mechanism.

Active Directory/Kerberos is used in the Windows 2000/2003 Domains.

Figure 5.4. Secure application connectivity through GSSAPI

See also GSSAPI (Kerberos) Authentication with Microsoft Active Directory Compatibility Note at http://www.ssh.com/resources/material/compatibility/.