Network Identity Manager (NetIdMgr) is a graphical tool designed to simplify the management of network identities and their credentials, which are used by network authentication protocols to provide secure access to network services. When NetIDMgr is used with Kerberos v5, each network identity is a unique Kerberos principal name and the credentials are Kerberos v5 tickets. Kerberos v5 tickets can be used by NetIDMgr to obtain Andrew File System (AFS) tokens and X.509 public key certificates if the appropriate plug-ins are installed.
When you log into Microsoft Windows with a domain account, your account name and the Windows Domain name combine to form a Kerberos principal name. As an example, 'WINDOWS\jaltman' is actually a short-form representation of jaltman@WINDOWS.SECURE-ENDPOINTS.COM. Microsoft Windows uses Kerberos-based network identities for all domain-based network authentications.
Since Microsoft Windows already provides a network identity, why do you need NetIdMgr? Here are some examples:
NetIdMgr’s automated credential acquisition and renewal make it an invaluable tool that provides users with a Single Sign-on experience.
NetIdMgr is most commonly configured as a StartUp item that runs as an icon in the Taskbar Notification Area until you log out. While running, NetIDMgr automatically renews your credentials, notifies you of pending expirations and prompts you when a Kerberized application requires credentials that have not already been obtained.
When configured to do so, NetIdMgr will prompt you immediately after it starts to obtain Kerberos credentials. This is often referred to as logging on to Kerberos. NetIdMgr does not perform a logon in the sense of the Windows Logon Service. A logon service would do more than manage Kerberos tickets. A logon service would authenticate you to the local machine, validate access to your local file system and perform additional set-up tasks. These are beyond the scope of NetIdMgr. NetIdMgr simply allows you to manage Kerberos identities on behalf of compatible applications and to change your Kerberos password.
NetIDMgr is distributed with the Kerberos v5 and Kerberos v4 providers (32-bit only). Providers for additional credential types including AFS tokens and KCA certificates are available as separate distributions. The OpenAFS provider, which is required for supporting AFS tokens, is distributed as part of OpenAFS for Windows. The KCA provider is distributed by Secure Endpoints Inc.
If you are interested in developing credential providers or extending the features of NetIDMgr, your first stop should be the NetIDMgr SDK, which can be downloaded from Secure Endpoints Inc.
Contact the netidmgr@secure-endpoints.com mailing list with questions or comments.
MIT Kerberos distribution
OpenAFS for Windows
Secure Endpoints Inc.