About Intel AMT > Integration with Active Directory > Redirection Library Kerberos Support

Redirection Library Kerberos Support

The Intel AMT Redirection Library supports Kerberos authentication. When calling the library, user authentication can be done in two ways:

   ACL user name and password – Until Release 6.0, the user name and password will be sent in clear text.  From Release 6.0, the user name and password will be sent in Kerberos hash format.

   Explicit user name and password – An explicit domain name, user name and password will use Kerberos authentication.  If no information is entered, the logged in Kerboros user will be used.

An Intel AMT device redirection setting is established using the ME BIOS extension. The SOL/IDE-R BIOS option has a choice of authentication or no authentication. When the authentication option is selected, Intel AMT will authenticate with Kerberos or Digest. If the authentication option is not selected, only Kerberos authentication is supported.

A client application initiates an SOL or Storage Redirection session with an Intel AMT device by calling IMR_IDEROpenTCPSession (deprecated in Release 4.0), IMR_IDEROpenTCPSessionEx, IMR_SOLOpenTCPSession (deprecated in Release 4.0), or IMR_SOLOpenTCPSessionEx – all are functions in the redirection library. These functions have as input parameters the username and password of the client. The library opens a socket with the Intel AMT device and negotiates the protocol to be used between them.

Description: note-icon Note:

Beginning in version 11.0, Storage Redirection uses the USB-R protocol rather than the IDE-R protocol. The BIOS option and function names have not been changed so as to preserve backwards compatibility.

Copyright © 2006-2022, Intel Corporation. All rights reserved.