Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches) - Cisco Catalyst 2960 series Configuration Manual

How to Configure Kerberos
DETAILED STEPS
Step 1
Use the su command to become root on the host running the KDC.
Step 2
Use the kdb5_edit program to configure the commands in the next steps.
Note
The Kerberos realm name in the following steps must be in uppercase characters.
Step 3
Use the ank (add new key) command in privileged EXEC mode to add a user to the KDC. This command prompts for a password that the user must enter to authenticate the router. For example:
Example:
Device# ank username@REALM
Step 4
Use the ank command to add a privileged instance of a user. For example:
Device# ank username/instance@REALM
Example
The following example adds the user loki to the Kerberos realm COMPANY.COM:
ank loki@COMPANY.COM
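A pre-flight check for principal names before they are entered with ank, added here as an example and not part of the Cisco guide: it accepts only the two forms shown in the steps above, enforces the uppercase-realm rule from the Note, and lists every name that carries an instance so it can be reviewed before it is mapped to a privilege level. The allowed character set and all sample names other than loki@COMPANY.COM are assumptions constructed for illustration.

```python
import re

# Forms shown in the steps above: username@REALM and username/instance@REALM.
# Assumption: components use letters, digits, '.', '_' and '-' only; escapes and
# names with more than two components are deliberately rejected.
_PART = r"[A-Za-z0-9._-]+"
_PRINCIPAL = re.compile(
    rf"(?P<primary>{_PART})(?:/(?P<instance>{_PART}))?@(?P<realm>{_PART})"
)


def check_principal(name):
    """Return (parsed, problems); parsed is None when the form is not recognised."""
    m = _PRINCIPAL.fullmatch(name.strip())
    if m is None:
        return None, ["not username@REALM or username/instance@REALM"]
    parsed = m.groupdict()
    problems = []
    if parsed["realm"] != parsed["realm"].upper():
        problems.append(f"realm {parsed['realm']!r} must be uppercase")
    return parsed, problems


def preflight(names):
    """Sort a batch into accepted, privileged (has an instance) and rejected."""
    report = {"accepted": [], "privileged": [], "rejected": {}}
    for name in names:
        parsed, problems = check_principal(name)
        if problems:
            report["rejected"][name] = problems
            continue
        report["accepted"].append(name)
        # Assumption: any name with an instance is treated as needing review.
        if parsed["instance"] is not None:
            report["privileged"].append(name)
    return report


# Constructed sample input; only loki@COMPANY.COM appears in the guide.
SAMPLE = [
    "loki@COMPANY.COM",
    "loki/admin@COMPANY.COM",
    "thor@company.com",
    "odin/admin@Company.COM",
    "freya",
]

if __name__ == "__main__":
    for key, value in preflight(SAMPLE).items():
        print(key, value)
```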
Privileged instances can be created to allow network administrators to connect to the router at the enable level, so that a clear text password does not have to be used to enter enabled modes, which avoids compromising security. See the Enabling Kerberos Instance Mapping section, on page 991, for more information on mapping Kerberos instances to various Cisco IOS privilege levels.
Creating and Extracting a SRVTAB on the KDC
All devices authenticated through Kerberos must have a SRVTAB that contains the password or randomly generated key for the service principal key that was entered into the KDC database. A service principal key must be shared with the host running that service. To do this, the SRVTAB entry must be saved (extracted) to a file and copied to the device and all hosts in the Kerberos realm.
Follow these steps to make a SRVTAB entry and extract this SRVTAB to a file on the KDC in privileged EXEC mode:
SUMMARY STEPS
1. Use the ark (add random key) command to add a network service supported by a host or device to the KDC. For example:
2. Use the kdb5_edit command xst to write an SRVTAB entry to a file. For example:
3. Use the quit command to exit the kdb5_edit program.
