Kerberos Operation - Cisco Catalyst 3550 series Software Configuration Manual
Multilayer switch
Hide thumbs
Also See for Catalyst 3550 series:
- Reference manual (58 pages) ,
- Datasheet (21 pages) ,
- Manual (19 pages)
Table of Contents
Advertisement
Controlling Switch Access with Kerberos
Table 8-2
Term
Kerberos server
KEYTAB
Principal
Service credential
SRVTAB
TGT
1. TGT = ticket granting ticket
2. KDC = key distribution center
3. KEYTAB = key table
4. SRVTAB = server table
Kerberos Operation
This section describes how Kerberos operates with a Catalyst 3550 switch that is configured as a network
security server. Although you can customize Kerberos in a number of ways, remote users attempting to
access network services must pass through three layers of security before they can access network
services.
To authenticate to network services by using a Catalyst 3550 switch as a Kerberos server, remote users
must follow these steps:
1.
2.
3.
Note
A Kerberos server can be a Catalyst 3550 switch that is configured as a network security server and that
can authenticate remote users by using the Kerberos protocol.
Catalyst 3550 Multilayer Switch Software Configuration Guide
8-34
Kerberos Terms (continued)
Definition
A daemon that is running on a network host. Users and network services
register their identity with the Kerberos server. Network services query
the Kerberos server to authenticate to other network services.
3
A password that a network service shares with the KDC. In Kerberos 5
and later Kerberos versions, the network service authenticates an
encrypted service credential by using the KEYTAB to decrypt it. In
Kerberos versions earlier than Kerberos 5, KEYTAB is referred to as
SRVTAB
Also known as a Kerberos identity, this is who you are or what a service
is according to the Kerberos server.
Note
A credential for a network service. When issued from the KDC, this
credential is encrypted with the password shared by the network service
and the KDC. The password is also shared with the user TGT.
A password that a network service shares with the KDC. In Kerberos 5
or later Kerberos versions, SRVTAB is referred to as KEYTAB.
Ticket granting ticket that is a credential that the KDC issues to
authenticated users. When users receive a TGT, they can authenticate to
network services within the Kerberos realm represented by the KDC.
Authenticating to a Boundary Switch, page 8-35
Obtaining a TGT from a KDC, page 8-35
Authenticating to Network Services, page 8-35
Chapter 8
4
.
The Kerberos principal name must be in all lowercase
characters.
Configuring Switch-Based Authentication
78-11194-09
Advertisement
Table of Contents
Troubleshooting
