Tying an authentication mechanism to an authentication level can be very useful when writing security policy in ISAM. For example you might want a password based authentication (Such as Basic Auth or Forms Auth) to map to level 1, whilst you might hold a federated identity, or something achieved through another EAI to have a higher authentication level – 2.
Within the Webseal configuration file however, there is no mention of Kerberos as an acceptable authentication type:
[authentication-levels] #---------------------- # STEP UP #---------------------- # authentication levels # # Syntax: # level = <method-name> # # Valid method names are: # unauthenticated # password # token-card # ssl # ext-auth-interface # ltpa
The good news is that whilst the list doesn’t show Kerberos, it’s still possible to set it. just use the text:
level = kerberosv5
And you’re on your way!
Philip Nye 