Kerberos Authentication and RTC
Other versions of this page are also available for the following:
.gif "A hyphen indicates that the information in this topic is not relevant for this platform, or that the platform does not support the API that is listed.")
.gif "A checkmark indicates that the information in this topic is relevant for this platform, and that any API listed is also supported on this platform.")
8/28/2008
Kerberos Version 5 authentication does not send the credentials over the network, so it is the most secure authentication scheme implemented by the RTC Client API (all other schemes transmit the user credentials over the network in either an encrypted or unencrypted form).
The RTC Client API uses the message integrity features of Kerberos to sign every message sent to the server. The domain SIP server may also sign every message sent to the client.
Although mutual authentication is part of Kerberos, the RTC Client API uses only client authentication functionality.
The RTC Client API uses Transport Layer Security (TLS) to authenticate the server.
The application decides the level of security required by specifying the preferred authentication methods in the <allowedauth> tag in the provisioning profile.
When the RTC Client API receives an authentication challenge, the most secure authentication schemes supported by both the client and the server are used. For the relative security levels of authentication methods as considered by RTC, see Authentication.
For more information about provisioning profiles, see Provisioning and XML Profiles