13.3.4. Kerberos Configuration in Web Browsers
For information on configuring the Firefox browser see Configuring Firefox to Use Kerberos for Single Sign-On in the Red Hat Enterprise Linux System-Level Authentication guide.
If you use the Internet Explorer browser, add Satellite Server to the list of Local Intranet or Trusted sites, and turn on the Enable Integrated Windows Authentication setting. See the Internet Explorer documentation for details.
With direct AD integration, HBAC through Red Hat Identity Management is not available. As an alternative, you can use Group Policy Objects (GPO) that enable administrators to centrally manage policies in AD environments. To ensure correct GPO to PAM service mapping, use the following sssd configuration:
access_provider = ad ad_gpo_access_control = enforcing ad_gpo_map_service = +foreman
Here, foreman is the PAM service name. For more information on GPOs, please refer to the Red Hat Enterprise Linux Windows Integration Guide.