Kerberos single sign-on (SSO)
—A network that supports
Kerberos V5 SSO prompts a user to log in only for initial access
to the network (such as logging in to Microsoft Windows). After
this initial login, the user can access any browser-based service
in the network (such as the firewall web interface) without having
to log in again until the SSO session expires. (Your Kerberos administrator
sets the duration of SSO sessions.) If you enable both Kerberos
SSO and another external authentication service (such as a TACACS+
server), the firewall first tries SSO and, only if that fails, falls
back to the external service for authentication. To support Kerberos
SSO, your network requires: