You are here: Reference Manual > FME Server Core > Role-Based Access Control > Configurable Parameters for Active Directory Connections > SECURITY_AD_SASL_OPTION_MECHANISM

SECURITY_AD_SASL_OPTION_MECHANISM

Optional. When specified, uses the SASL authentication mechanism.

FME Server currently supports two SASL authentication mechanisms, Kerberos V5 and MD5 message digest.

Kerberos V5 authentication is the default and recommended authentication mechanism on Windows domains. To use Kerberos V5, specify SECURITY_AD_SASL_OPTION_MECHANISM=GSSAPI. When using Kerberos V5 authentication, take note of the following two configuration parameters:

SECURITY_AD_SASL_OPTION_KDC_ADDRESS: Used to explicitly specify the hostname or IP address of the Kerberos key distribution centre (KDC).
SECURITY_AD_SASL_OPTION_REALM: Used to explicitly specify the name of the authentication realm.

These additional parameters may be left unspecified; in this case, FME Server attempts to determine the options automatically.

MD5 message digest is an alternative authentication mechanism on Windows domains. To use MD5 message digest, specify SECURITY_AD_SASL_OPTION_MECHANISM=DIGEST-MD5. When using MD5 message digest authentication, take note of the following configuration parameter:

SECURITY_AD_SASL_OPTION_REALM: Used to specify the name of the authentication realm.

This option may be left unspecified; in this case, FME Server attempts to determine it automatically.

Note: MD5 message digest authentication mechanism is not supported on Windows 2000 domains.