I know NAM can be configured to use Kerberos authentication.

The 1st question:

If your origin web server ALSO is configured to use Kerberos, can NAM
simply "pass" the ticket along to the origin server?
Or is this not even needed if the back-end can do that?

The 2nd question:
I'm ASSUMING that since AD uses Kerberos, you have to set your user
store in NAM to point to AD to use Kerberos? But what if your primary
store is eDir (for expired passwords, etc.)?

I know you can have different user stores per auth contract or
something and you can then assign these to the appropriate AG-protected
items (i.e., one URL could use eDir, one could use AD/Kerberos)?

The 3rd Question:
Assuming #2 requires AD, can you have your fallback be eDir secure
Name/Form login page?

