Add a Kerberos User

Setup and Configuration of Intel AMT > Configuration Settings > Access Control List Management > ACL Management Using AMT_AuthorizationService > Use Cases > Add a Kerberos User

Add a Kerberos User

The following steps describe how to add a new Kerberos user to the system, given the SID of an Active Directory User or Group.

1. Retrieve the instance of AMT_ AuthorizationService, where the “Name” key equals “Intel(r) AMT Authorization Service”.

2. Invoke AMT_AuthorizationService.AddUserAclEntryEx with the following parameters:

Parameter	Value
KerberosUserSid	User/Group SID in Base64 format
AccessPermission	Access Permissions identifying if the user will have local or network access or both
Realms	A list of Realms to which the user will have access

3. The method returns an Output Parameter Handle on successful completion that identifies the new user for subsequent references.

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

$authorizationServiceRef =$wsmanConnectionObject.NewReference("SELECT * FROM AMT_AuthorizationService WHERE Name='Intel(r) AMT Authorization Service'")

$inputObject =$authorizationServiceRef.CreateMethodInput("AddUserAclEntryEx")

$inputObject.SetProperty("KerberosUserSid","AQUAAAAAAAUVAAAAVcoTQfagZTk1F8IXVgQAAA==")

$inputObject.SetProperty("AccessPermission","2") # 2 = any access permission.

$inputObject.AddProperty("Realms","2") # 2 = Redirection realm.

$outputObject =$authorizationServiceRef.InvokeMethod($inputObject)

$returnValue =$outputObject.GetProperty("ReturnValue")

if($returnValue -like "0")

{

$handle =$outputObject.GetProperty("Handle")

}

Instance Diagram

Not applicable

Classes Used in This Flow

• AMT_AuthorizationService

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.