Kerberos

Windows Authentication in Blackberry Enterprise Server (BES) 12

Alex Mags
Update to previous post on older BES version ( “Test intranet access from Blackberry and other mobile platforms”). For BES12 create a krb5.conf file and upload to the “Single-sign on” profile (obv. switch mycompany.com to your own FQDN. And specify the FQDNs for one or more domain controllers. This has been case sensitive in the past.)``` [libdefaults] default_etypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 des3-cbc-sha rc4-hmac default_realm = MYCOMPANY.COM [realms] MYCOMPANY.COM = { kdc = tcp/DC1.

Test intranet access from Blackberry and other mobile platforms

Alex Mags
If you’re accessing intranet websites using Blackberries and other mobile platforms like Good for Enterprise you can get Kerberos working to provide single sign-on/passthough authentication. Staff can then browse intranet pages that are secured by Windows authentication, URL filtering or NTFS without having to type in their (probably complex) Windows password on a teeny tiny phone keypad. I use the Active Server Page (ASP) below on IIS to test if Kerberos is working.