About Intel AMT > Integration with Active Directory

Integration with Active Directory

Intel AMT provides for a standard, single-sign-on style of authentication by integrating its authentication framework with Microsoft Windows* Active Directory. Active Directory manages domain authentication based on the Kerberos protocol.

Authentication to Intel AMT integrated with Microsoft Windows domain authentication eliminates the need for ISV applications (including setup and configuration services) to manage unique and strong username/password pairs for all Intel AMT systems. Authentication to Intel AMT is as strong and as secure as authentication to the Windows domain; and administrators wanting to manage Intel AMT systems need only to login to the Windows domain to gain access to Intel AMT devices.

This section provides an overview of Kerberos, a description of the salient features of Active Directory, and the steps required to integrate Intel AMT with Active Directory. It includes an example of setting up Active Directory and the Sample Configuration Application to configure an Intel AMT device to work with Kerberos.

For more information, see the following:

   Introduction to Kerberos Authentication

   Microsoft Active Directory and Kerberos Support

   Using Active Directory to Manage Intel AMT Devices

   Configuring Intel AMT for Kerberos Authentication

   Redirection Library Kerberos Support

   Kerberos Authentication using .NET

   Security Considerations

   Refreshing Expired Tickets

   Maximum Kerberos Ticket Size

   Notes and Limitations

   Configuration Example

Copyright © 2006-2022, Intel Corporation. All rights reserved.