K2 Pass-Through Authentication

When components are installed on separate servers, credentials must be passed between the services. This can be accomplished by setting up K2 Pass-Through Authentication (K2PTA) which is configured as part of the installation and configuration process of K2. Any time where two or more hops are required for user authentication, K2 Pass-Through Authentication must be configured.

K2 Pass-Through authentication is the default option when installing in a distributed environment. Kerberos is a supported alternative that may give you more control over how credentials are passed but can be more difficult to setup.

What is K2 Pass-Through Authentication?

K2 Pass-Through Authentication is a K2 proprietary authentication methodology specifically for authenticating users whose credentials need to be passed between machines that interact with the K2 APIs. This authentication model can be used as an alternative to Kerberos, but is not in any way intended to be a replacement for Kerberos.

K2PTA enables the removal of Kerberos dependencies and still allows a user’s credentials to be passed between machines in such a way that the user can be authenticated in a secure manner without compromising the integrity of the K2 server transactions and data.

Why use K2 Pass-Through Authentication?

K2 Pass-Through Authentication is intended as an out-of-the-box means for K2 blackpearl installations to be able to authenticate user requests in a distributed environment. Some of the reasons why an organization might use K2PTA:

K2PTA is not a Kerberos replacement, it is a Kerberos alternative which can be implemented for specific delegation requirements when an anonymous connection is made which results in Kerberos failure.

See the topic K2 Pass-Through Authentication in the Prepare section for information on configuring and using K2PTA.

Related Topics