Table of Contents
Advertisement
Introduction
For a detailed description of the Kerberos authentication service protocol
refer to RFC 1510: Kerberos Network Authentication Service (V5).
A basic understanding of RFC 1510 Kerberos Network Authentication Service
(V5) is helpful in understanding how Kerberos functions. Kerberos optionally
uses the KSS on a Windows 2000 server. By default, Spectrum24 devices
operate in an open system network where any wireless device can associate
with an AP without authorization. Kerberos requires Spectrum24 device
authentication before access to the wired network is permitted. Kerberos
cannot operate when the AP is in wireless (WLAP) mode.
If DHCP is disabled or a DHCP server is not available, use the Kerberos
Authentication screen to manually configure Kerberos. See section "Manual
Kerberos Authentication Configuration" page 70.
Kerberos can be enabled automatically in an AP physically attached to an
Ethernet network from a DHCP server on the same network. Program the
DHCP server with the Kerberos and KSS options found in section 1.3.3:
"DHCP Support" on page 16. When the AP boots up, it automatically
requests the KSS for Kerberos parameters. If a DHCP server is not present
manually enable Kerberos in the AP see section "Manual Kerberos
Authentication Configuration" page 70. A Key Distribution Center (KDC)
contains a database of authorized users and passwords within its realm (a
realm is the Kerberos equivalent of a Windows domain). The KDC is
responsible for user authentication, the distribution of session/service keys
(tickets).
The KSS requires restarting whenever the KDC is rebooted.
28
AP-4100 Series Access Point Product Reference Guide
Advertisement
Table of Contents
