EMC Documentum Kerberos SSO Integration: Enterprise Content Management

This book discusses end-to-end Kerberos SSO implementations on systems using Documentum 6.6
and later, including usage scenarios, code samples, and FAQs. This is a Practical Approach.

Kerberos single sign-on (SSO) is a network authentication protocol designed to provide strong
authentication for client/server applications by using secret-key cryptography. The Kerberos protocol uses
strong cryptography so that a client can prove its id entity to a server (and vice versa) across an insecure
network connection. After a client and the server have used Kerberos to prove their identities, they can also
encrypt all of their communications to ensure privacy and data integrity.

Kerberos provides secure and reliable authentication to multiple applications that use Kerberos for
authentication. In most distributed network systems, a password is used to prove a user's identity, and this
password is transmitted over the network from the client machine to the machine that the user wants to access.
So, a mechanism that prevents anyone from intercepting or eaves dropping on the transmitted plain
passwords is vital for security. In addition, another pain point while using passwords for authentication is
that the password must be supplied every time a connection is requested to the remote machine. Kerberos
helps users avoid this issue and solves the central problem of using passwords for authentication without
sending them over the network.