K2 Pass-Through Authentication
When components are installed on separate servers, credentials must be passed between the services. This can be accomplished by setting up K2 Pass-Through Authentication (K2PTA) which is configured as part of the installation and configuration process of K2. Any time where two or more hops are required for user authentication, K2 Pass-Through Authentication must be configured.
What is K2 Pass-Through Authentication?
K2 Pass-Through Authentication is a K2 proprietary authentication methodology specifically for authenticating users whose credentials need to be passed between machines that interact with the K2 APIs. This authentication model can be used as an alternative to Kerberos, but is not in any way intended to be a replacement for Kerberos.
K2PTA enables the removal of Kerberos dependencies and still allows a user’s credentials to be passed between machines in such a way that the user can be authenticated in a secure manner without compromising the integrity of the K2 server transactions and data.
Why use K2 Pass-Through Authentication?
K2 Pass-Through Authentication is intended as an out-of-the-box means for K2 installations to be able to authenticate user requests in a distributed environment. Some of the reasons why an organization might use K2PTA:
- Limited internal organization skills (such as little or no knowledge of how to configure Kerberos)
- No access to Active Directory to make Kerberos changes
- Business requirements that don’t warrant the need for a Kerberos implementation
See the topic K2 Pass-Through Authentication in the Prepare section for information on configuring and using K2PTA.