Controlling Switch Access With Kerberos - Cisco Catalyst 3550 series Software Configuration Manual

Controlling Switch Access with Kerberos

This section describes how to enable and configure the Kerberos security system, which authenticates requests for network resources by using a trusted third party. To use this feature, the cryptographic (encrypted) multilayer software image must be installed on your switch. You must obtain authorization to use this feature and to download the cryptographic software files from Cisco.com. For more information, refer to the release notes for this release.
This section consists of these topics:
Understanding Kerberos, page 8-32
Kerberos Operation, page 8-34
Configuring Kerberos, page 8-35
For Kerberos configuration examples, refer to the "Kerberos Configuration Examples" section in the "Security Server Protocols" chapter of the Cisco IOS Security Configuration Guide, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt2/scdkerb.htm#xtocid1540022.
Note: For complete syntax and usage information for the commands used in this section, refer to the "Kerberos Commands" section in the "Security Server Protocols" chapter of the Cisco IOS Security Command Reference, Release 12.1, at this URL: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt2/srdkerb.htm.
Note: In the Kerberos configuration examples and in the Cisco IOS Security Command Reference, Release 12.1, the trusted third party can be a Catalyst 3550 switch that supports Kerberos, that is configured as a network security server, and that can authenticate users by using the Kerberos protocol.
Understanding Kerberos
Kerberos is a secret-key network authentication protocol, which was developed at the Massachusetts
Institute of Technology (MIT). It uses the Data Encryption Standard (DES) cryptographic algorithm for
encryption and authentication and authenticates requests for network resources. Kerberos uses the
concept of a trusted third party to perform secure verification of users and services. This trusted third
party is called the key distribution center (KDC).
The main purpose of Kerberos is to verify that users are who they claim to be and the network services
that they use are what the services claim to be. To do this, a KDC or trusted Kerberos server issues tickets
to users. These tickets, which have a limited lifespan, are stored in user credential caches. The Kerberos
server uses the tickets instead of usernames and passwords to authenticate users and network services.
Note: A Kerberos server can be a Catalyst 3550 switch that is configured as a network security server and that can authenticate users by using the Kerberos protocol.
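The ticket flow described above, as an added toy model written for this page (not Cisco code): the KDC seals a limited-lifetime ticket under the service's shared key, the user keeps it in a credential cache, and the service accepts the ticket in place of a username and password, rejecting it once it has expired or been altered. HMAC-SHA256 stands in for the DES encryption the text names, and the service name, key and timestamps are constructed.

```python
# Added illustration, not Cisco code: a toy model of the Kerberos ticket flow described above.
# HMAC-SHA256 sealing stands in for DES encryption; keys, names and times are constructed.
import hashlib, hmac, json, secrets

LIFETIME = 300  # ticket lifespan in seconds (constructed value)
SERVICE_KEYS = {"host/switch1": b"switch1-secret-key"}  # KDC's shared secret per service

def seal(key: bytes, fields: dict) -> bytes:
    """Bind ticket fields to a service key so only that service (or the KDC) accepts them."""
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

def unseal(key: bytes, blob: bytes) -> dict:
    tag, body = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("ticket rejected: wrong key or tampered")
    return json.loads(body)

def kdc_issue_ticket(user: str, service: str, now: float) -> bytes:
    """KDC (the trusted third party) issues a limited-lifetime ticket for user -> service."""
    fields = {"user": user, "service": service,
              "session_key": secrets.token_hex(8), "expires": now + LIFETIME}
    return seal(SERVICE_KEYS[service], fields)

def service_accept(service: str, ticket: bytes, now: float) -> str:
    """The network service checks the ticket instead of asking for a username/password."""
    fields = unseal(SERVICE_KEYS[service], ticket)
    if fields["service"] != service:
        raise ValueError("ticket issued for a different service")
    if now > fields["expires"]:
        raise ValueError("ticket expired")
    return fields["user"]

def run_demo() -> dict:
    """Issue a ticket into the user's credential cache, then present it fresh, expired and forged."""
    cache = {"host/switch1": kdc_issue_ticket("alice", "host/switch1", now=1000.0)}
    results = {"fresh": service_accept("host/switch1", cache["host/switch1"], now=1100.0)}
    for label, ticket, now in (
        ("expired", cache["host/switch1"], 1000.0 + LIFETIME + 1),
        ("forged", cache["host/switch1"].replace(b'"alice"', b'"mallory"'), 1100.0),
    ):
        try:
            results[label] = service_accept("host/switch1", ticket, now)
        except ValueError as exc:
            results[label] = str(exc)
    return results

if __name__ == "__main__":
    print(run_demo())
```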
Catalyst 3550 Multilayer Switch Software Configuration Guide, Chapter 8, Configuring Switch-Based Authentication, page 8-32, 78-11194-09