1-47
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Configuring Clientless SSL VPN
  Understanding How KCD Works
Note Steps 1 to 3 comprise protocol transition. After these steps, any user who authenticates to 
ASA using a non-Kerberos authentication protocol is transparently authenticated to the key 
distribution center using Kerberos.
4. ASA requests a service ticket from the key distribution center for the specific service that the user 
wants to access.
5. The key distribution center returns a service ticket for the specific service to the ASA.
6. ASA uses the service ticket to request access to the web service. 
7. The Web server authenticates the Kerberos service ticket and grants access to the service. The 
appropriate error message is displayed and requires acknowledgement if there is an authentication 
failure. If the Kerberos authentication fails, the expected behavior is to fall back to basic 
authentication.
Before Configuring KCD
To configure the ASA for cross-realm authentication, you must use the following commands: