Home > Data Protection > PowerProtect DD Series Appliances > Dell Data Domain Boost File System: Deployment and Configuration > BoostFS authentication methods
BoostFS has two authentication options:
RSA Lockbox is the default password manager for BoostFS for Windows. To use RSA Lockbox, the lockbox must be configured by using the boostfs lockbox set command.
Sharing a common lockbox file enables you to create a single management point for BoostFS clients to access BoostFS mount points on PowerProtect or Data Domain systems.
A common lockbox file can be created for all BoostFS clients from a primary client. By using this feature, you can avoid creating a separate lockbox file for each unique BoostFS client.
The primary client is the client from which the shared lockbox is initially created. Because some operations can be performed only from the primary client, record which client is the primary.
The easiest way to share a lockbox file is to store it in a network share that is accessible by all clients that use it.
BoostFS for Windows supports the MIT implementation of Kerberos authentication as an alternative to RSA Lockbox authentication.
The primary entities involved with Kerberos authentication are:
The Kerberos file contains a "shared secret" (a password, passphrase, or other unique identifier) between the KDC server and the PowerProtect DD appliance.
In an Active Directory environment, the Windows server that hosts the Active Directory service also acts as the KDC and Domain Name Server (DNS).
To authenticate using Kerberos, a Ticket Granting Ticket (TGT) must be acquired for two types of user accounts:
Each user has access to only the tickets they create with the BoostFS Kerberos commands. Users cannot access tickets that others have created.
For more detailed information about using RSA Lockbox-based and Kerberos-based authentication with BoostFS for Windows, see the DD BoostFS for Windows Configuration Guide.