You can configure whether BlackBerry® devices authenticate to content servers directly, or whether the BlackBerry MDS Connection Service authenticates to content servers on behalf of BlackBerry devices. If you configure BlackBerry devices to authenticate directly to content servers but you do not configure an authentication method for BlackBerry MDS Connection Service connections, authenticated BlackBerry devices prompt users to provide login information every 60 minutes. The BlackBerry devices prompt users only if the connection to the content server persists for more than 60 minutes.

1. In the BlackBerry Administration Service, on the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
2. Click MDS Connection Service.
3. Click Edit component.
4. On the HTTP tab, in the Protocol service information section, in the Authentication support enabled drop-down list, perform one of the following actions:
   • If you want BlackBerry devices to authenticate to content servers directly, click No.
   • If you want the BlackBerry MDS Connection Service to store authentication information and perform HTTP authentication on behalf of BlackBerry devices, click Yes.
5. If necessary, in the Authentication timeout field, type the length of time, in milliseconds, that you want authentication information for BlackBerry devices to remain valid on the content server. By default, the authentication timeout limit is 1 hour.
6. Click Save all.

After you finish: If you set Authentication support enabled to Yes, configure the BlackBerry MDS Connection Service to authenticate to content servers that use NTLM, Kerberos™, LTPA, or RSA® Authentication Manager on behalf of BlackBerry devices.

Before you begin: Configure the BlackBerry® MDS Connection Service to authenticate to content servers on behalf of BlackBerry devices.

1. Navigate to <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\Instance\config.
2. Configure the MdsLogin.conf file.

Before you begin: Configure the BlackBerry® MDS Connection Service to authenticate to content servers on behalf of BlackBerry devices.

1. Navigate to <drive>:\Program Files\Research In Motion\BlackBerry Enterprise Server\MDS\Servers\Instance\config.
2. Configure the krb5.conf file.

BlackBerry® devices that are running BlackBerry® Device Software version 3.8 or later manage how HTTP cookies are stored and used to authenticate to content servers that use LTPA authentication technology. For BlackBerry devices that use previous versions of the BlackBerry Device Software, you must permit the BlackBerry MDS Connection Service to manage HTTP cookie storage on BlackBerry devices.

1. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
2. Click MDS Connection Service.
3. Click Edit component.
4. On the HTTP tab, in the Protocol service information section, in the Cookie support enabled drop-down list, click Yes.
5. Click Save all.

When you turn on RSA® authentication, users must type their login information on their BlackBerry® devices before they can access intranet or Internet content. After users are authenticated, if proxy authentication is configured, the BlackBerry devices prompt users to authenticate to the proxy server.

1. In the BlackBerry Administration Service, in the Servers and components menu, expand BlackBerry Solution topology > BlackBerry Domain > Component view.
2. Click MDS Connection Service.
3. Click Edit component.
4. On the RSA tab, in the Protocol service information section, in the Authentication support enabled drop-down list, click Yes.
5. In the Authentication timeout field, type a number, in minutes, to specify how long authenticated BlackBerry devices can remain connected to your organization's network while the users are active. By default, the authenticated connection persists for 24 hours.
6. In the Inactivity timeout field, type a number, in minutes, to specify how long BlackBerry devices can remain connected to your organization's network while the users are inactive. By default, an authenticated connection persists for 60 minutes of user inactivity on BlackBerry devices.
7. Click Save all.