Kerberos Services Ticket Auto-Signon

For 5250 emulator sessions, the Bypass signon using Kerberos principal option enables Kerberos authentication.

If the “Kerberos auto-signon” is disabled during the “Custom” installation, “Bypass signon using Kerberos principal” will be disabled.

If the “Kerberos auto-signon” is enabled during the “Custom” installation, “Bypass signon using Kerberos principal” will be enabled.

A ticket is generated and passed to the iSeries, eServer™ i5, or System i5® host during TN5250 negotiation.

If the ticket is valid, authentication is completed and you will be logged onto the host. If authentication fails, a host login screen will be displayed.

Note: You must log into a Windows domain in order to use Kerberos authentication. Refer to the relevant Microsoft documentation for specific details.

For the Data Transfer utility, you can set the Use Kerberos principal, no prompting option (from Setup → Signon Options).

If the “Kerberos auto-signon” is disabled during the “Custom” installation, “Use Kerberos principal, no prompting” will not be listed in the signon options of the Data Transfer utility.

If the “Kerberos auto-signon” is enabled during the “Custom” installation, “Use Kerberos principal, no prompting” will be listed in the signon options of the Data Transfer utility.

This function enables Kerberos authentication, using the ticket generated by the Windows user credentials.