Starting with version 6.0, ActiveRoles Server supports Kerberos authentication with the Administration Service (in addition to NTLM authentication). However, some additional configuration steps are required to enable the Administration Service to support Kerberos authentication.
Support for Kerberos authentication, in conjunction with Kerberos delegation, allows the Web Interface to use Integrated Windows authentication rather than Basic authentication in the situation where the Web Interface and the Administration Service are running on different computers. For instructions on how to enable this functionality in the Web Interface, please see Using Kerberos authentication with Integrated Windows authentication in Web Interface
Beginning with version 6.0, the Administration Service uses service principal names (SPNs) in the form "arssvc/hostname" for Kerberos authentication. To enable Kerberos authentication, the appropriate service principal names (SPNs) must be registered with the user account that the Administration Service uses to log on (service account).