Kerberos Services Ticket Auto-Signon

For 5250 emulator sessions, the Bypass signon using Kerberos principal option enables Kerberos authentication.

If the “Kerberos auto-signon” is disabled during the “Custom” installation, “Bypass signon using Kerberos principal” is disabled.
If the “Kerberos auto-signon” is enabled during the “Custom” installation, “Bypass signon using Kerberos principal” is enabled.

A ticket is generated and passed to the iSeries™, eServer™ i5, or System i5™ host during TN5250 negotiation.

If the ticket is valid, authentication is completed and the user is logged onto the host. If authentication fails, a host login screen get displayed.

Note: The user must log into a Windows™ domain in order to use Kerberos authentication. Refer to the relevant Microsoft™ documentation for specific details.

For the Data Transfer utility, the user can set the Use Kerberos principal, no prompting option (from Setup → Signon Options).

If the “Kerberos auto-signon” is disabled during the “Custom” installation, “Use Kerberos principal, no prompting” is not listed in the signon options of the Data Transfer utility.
If the “Kerberos auto-signon” is enabled during the “Custom” installation, “Use Kerberos principal, no prompting” is listed in the signon options of the Data Transfer utility.

This function enables Kerberos authentication, using the ticket generated by the Windows™ user credentials.