Pass-Through Authentication
When components are installed on separate servers, credentials must be passed between the services. This can be accomplished by setting up Pass-Through Authentication (PTA) which is configured as part of the installation and configuration process of the product. Any time where two or more hops are required for user authentication, Pass-Through Authentication must be configured.
What is Pass-Through Authentication?
Pass-Through Authentication is a proprietary authentication methodology specifically for authenticating users whose credentials need to be passed between machines that interact with the products APIs. This authentication model can be used as an alternative to Kerberos, but is not in any way intended to be a replacement for Kerberos.
PTA enables the removal of Kerberos dependencies and still allows a user’s credentials to be passed between machines in such a way that the user can be authenticated in a secure manner without compromising the integrity of the server transactions and data.
Why use Pass-Through Authentication?
Pass-Through Authentication is intended as an out-of-the-box means for product installations to be able to authenticate user requests in a distributed environment. Some of the reasons why an organization might use PTA:
- Limited internal organization skills (such as little or no knowledge of how to configure Kerberos)
- No access to Active Directory to make Kerberos changes
- Business requirements that don’t warrant the need for a Kerberos implementation
See the topic Pass-Through Authentication in the Prepare section for information on configuring and using PTA.