Symbol Spectrum24 AP-4100 Series Product Reference Manual page 37


The KDC contains two components:

Authentication Service (AS)
Provides the authentication ticket containing information about the client and the session key used with the KDC.

Ticket Granting Ticket Service (TGS)
Permits devices to communicate with a service (this could be any application or service such as the AP RF services).

The default expiration time of a ticket is 12 hours (for the AP) and is not user configurable. If the lifetime of a ticket in the KDC's security policy is different from what is requested, the KDC selects the shorter of the two expiration times. Each time a ticket is generated, a new session key and WEP encryption key are generated.

The KDC resides on the Kerberos server (the Kerberos server can also be the DNS server). In addition to the KDC, a Kerberos Setup Service (KSS) can optionally be installed on the Kerberos server. The KSS runs as a client on the KDC server when initially launched. The KSS can be used to administer Spectrum24 devices authorized on the network. For example, if an AP on the Access Control List (ACL) is lost or stolen, the KSS marks the AP (using the MAC address of the AP) as not authorized and notifies the administrator if the missing AP appears elsewhere on the network attempting authentication.

All clients (MUs), the KDC and services (APs) participating in the Kerberos authentication system must have their internal clocks synchronized within a specified maximum amount of time (known as clock skew). The KSS uses Network Time Protocol (NTP) or the system clock on the Kerberos server to provide clock synchronization (timestamps) between the KDC and APs as part of the authentication process. Clock synchronization is essential since an expiration time is associated with each ticket. If the clock skew is exceeded between any of the participating hosts, requests are rejected.

Additionally, the KSS provides a list of authorized APs and other security setup information that the KDC uses to authenticate clients. When setting up the KSS, assign APs an ESSID as the User ID to authenticate with the KDC.
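The rules above (the KDC clamps a requested ticket lifetime to its policy, rejects requests whose timestamp falls outside the permitted clock skew, issues a fresh session/WEP key with every ticket, and the KSS-maintained ACL lets a lost AP be marked unauthorized and flagged when it reappears) can be modelled in a few lines. The following is an added example, not code from the Spectrum24 manual or from Symbol: the 12-hour default and the ACL-by-MAC behaviour come from the page, while the class and function names, the 5-minute skew figure and the sample MAC addresses are assumptions constructed for illustration.

```python
"""Model of the Kerberos ticket-issuance rules described on this page.

Added example, not the manual's or Symbol's code.  Assumed: the
function names, the 300-second skew limit and the sample MAC/ESSID
values.  From the page: 12-hour default AP ticket lifetime, shortest-
lifetime-wins, per-ticket session/WEP key, lost-AP handling by MAC.
"""
from dataclasses import dataclass, field
import secrets

DEFAULT_AP_LIFETIME_S = 12 * 3600   # page: default AP ticket lifetime, 12 hours
MAX_CLOCK_SKEW_S = 300              # assumed policy value, not stated on the page


@dataclass
class Ticket:
    principal: str          # ESSID used as the AP's User ID
    issued_at: int          # KDC clock, seconds
    expires_at: int
    session_key: bytes      # fresh per ticket; also seeds the WEP key


@dataclass
class KDC:
    policy_lifetime_s: int = DEFAULT_AP_LIFETIME_S
    max_skew_s: int = MAX_CLOCK_SKEW_S
    # KSS-style ACL: MAC address -> ESSID the AP is allowed to authenticate as
    authorized_aps: dict = field(default_factory=dict)
    # MACs the administrator marked as lost/stolen via the KSS
    revoked_aps: set = field(default_factory=set)
    alerts: list = field(default_factory=list)

    def effective_lifetime(self, requested_s: int) -> int:
        """KDC selects the shorter of the requested and policy lifetimes."""
        return min(requested_s, self.policy_lifetime_s)

    def within_skew(self, client_time: int, kdc_time: int) -> bool:
        """Reject when the participating hosts' clocks differ by more than the skew."""
        return abs(client_time - kdc_time) <= self.max_skew_s

    def revoke_ap(self, mac: str) -> None:
        """KSS-style action: mark a lost or stolen AP as not authorized."""
        self.revoked_aps.add(mac.lower())

    def issue_ticket(self, mac: str, essid: str, client_time: int, kdc_time: int,
                     requested_s: int = DEFAULT_AP_LIFETIME_S):
        """Return a Ticket, or None if the request is refused."""
        mac = mac.lower()
        if mac in self.revoked_aps:
            # the missing AP is back on the network: notify the administrator
            self.alerts.append(f"revoked AP {mac} attempted authentication as {essid}")
            return None
        if self.authorized_aps.get(mac) != essid:
            return None                       # not on the ACL, or wrong User ID
        if not self.within_skew(client_time, kdc_time):
            return None                       # clock skew exceeded
        lifetime = self.effective_lifetime(requested_s)
        # a new session key (and hence WEP key) every time a ticket is generated
        return Ticket(essid, kdc_time, kdc_time + lifetime, secrets.token_bytes(16))


def demo() -> dict:
    """Constructed walkthrough: one authorized AP, then the same AP reported lost."""
    kdc = KDC(authorized_aps={"02:00:00:00:00:01": "wlan-essid"})   # constructed MAC/ESSID
    ap, essid, now = "02:00:00:00:00:01", "wlan-essid", 1_000_000
    first = kdc.issue_ticket(ap, essid, now, now, requested_s=24 * 3600)  # asks for 24 h
    second = kdc.issue_ticket(ap, essid, now, now)
    skewed = kdc.issue_ticket(ap, essid, now - 900, now)               # 15 min off
    kdc.revoke_ap(ap)
    after_revoke = kdc.issue_ticket(ap, essid, now, now)
    return {
        "granted_lifetime_s": first.expires_at - first.issued_at,
        "keys_differ": first.session_key != second.session_key,
        "skewed_rejected": skewed is None,
        "revoked_rejected": after_revoke is None,
        "alerts": list(kdc.alerts),
    }


if __name__ == "__main__":
    print(demo())
```

The 24-hour request in `demo()` is clamped to the 12-hour policy, the 15-minute clock offset is refused outright, and the revoked AP produces an alert rather than a ticket; the session keys of the two successful tickets are independent, which is what makes per-ticket WEP keys meaningful.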
