Kss Databases; Roaming And Authentication - Symbol Spectrum24 AP-4100 Series Product Reference Manual


1.3.12 KSS Databases

The optional KSS has two databases. One database stores valid access points (AP setup account). The other database stores Kerberos account information (Kerberos entry account). The AP setup account database stores validation information for an AP. This database uses the AP MAC address as a Primary Key. The entry includes the range of time the AP is allowed access and status information. A Foreign Key entry for a record in the AP setup account is the Kerberos Principal for this AP. This Foreign Key is used as an index to the Kerberos Entry account database to retrieve other Kerberos information for the AP. The Kerberos Entry account database stores specific Kerberos information for APs. It uses the Kerberos Principal (AP's ESSID) as its Primary Key, and it includes other Kerberos network information that an AP needs to authenticate with the KDC.

When an AP requests information from the KSS, the KSS queries the AP Setup database to validate the AP. If the AP is valid, the KSS will query its Kerberos Entry account database for the AP's Kerberos information. The KSS packages the information and sends it to the AP.

APs with the same ESSID will share common Kerberos Entry account information since the ESSID is used as an AP Kerberos Principal.
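The two-table lookup described above, as an added example written for this page rather than Symbol's own KSS code. The manual only fixes the keys (AP MAC in the setup table, Kerberos Principal/ESSID in the entry table) and the query order; table and column names, the status values and every sample row are assumptions constructed for the example.

```python
"""Model of the KSS two-database lookup (added example, not Symbol's code).
Schema names, status values and sample rows are constructed assumptions."""
import sqlite3
from datetime import datetime, timezone

SCHEMA = """
CREATE TABLE ap_setup (            -- "AP setup account": one row per AP
    ap_mac      TEXT PRIMARY KEY,  -- manual: AP MAC address is the Primary Key
    valid_from  TEXT NOT NULL,     -- allowed access window (assumed ISO-8601 UTC)
    valid_until TEXT NOT NULL,
    status      TEXT NOT NULL,     -- assumed values: 'enabled' / 'disabled'
    principal   TEXT NOT NULL      -- Foreign Key = Kerberos Principal (ESSID)
        REFERENCES kerberos_entry(principal)
);
CREATE TABLE kerberos_entry (      -- "Kerberos entry account": one row per ESSID
    principal   TEXT PRIMARY KEY,  -- manual: the AP's ESSID is the Primary Key
    realm       TEXT NOT NULL,     -- assumed Kerberos network details
    kdc_address TEXT NOT NULL
);
"""

def open_kss():
    """Return an in-memory KSS populated with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO kerberos_entry VALUES (?,?,?)",
                 ("corp-wlan", "EXAMPLE.REALM", "192.0.2.10"))   # constructed
    conn.executemany("INSERT INTO ap_setup VALUES (?,?,?,?,?)", [
        ("02:00:00:00:00:01", "2000-01-01T00:00:00", "2099-01-01T00:00:00", "enabled",  "corp-wlan"),
        ("02:00:00:00:00:02", "2000-01-01T00:00:00", "2099-01-01T00:00:00", "enabled",  "corp-wlan"),
        ("02:00:00:00:00:03", "2000-01-01T00:00:00", "2001-01-01T00:00:00", "enabled",  "corp-wlan"),
        ("02:00:00:00:00:04", "2000-01-01T00:00:00", "2099-01-01T00:00:00", "disabled", "corp-wlan"),
    ])  # :03 has an expired access window, :04 is disabled
    return conn

def kss_lookup(conn, ap_mac, now=None):
    """Step 1: validate the AP in ap_setup (MAC, time window, status).
    Step 2: follow the principal Foreign Key into kerberos_entry.
    Returns the Kerberos info to package for the AP, or None if the AP is invalid."""
    if now is None:
        now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
    row = conn.execute(
        "SELECT k.principal, k.realm, k.kdc_address FROM ap_setup a "
        "JOIN kerberos_entry k ON k.principal = a.principal "
        "WHERE a.ap_mac = ? AND a.status = 'enabled' "
        "AND ? BETWEEN a.valid_from AND a.valid_until",
        (ap_mac, now)).fetchone()
    if row is None:
        return None
    return {"principal": row[0], "realm": row[1], "kdc": row[2]}
```

Because the join key is the ESSID, the two enabled APs resolve to the identical Kerberos entry, which is the sharing behaviour the section describes.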

1.3.13 Roaming and Authentication

When an MU authenticates through the KDC it specifies that it wants access to the AP that it has associated with. When the MU completes the full AS-REQ/AS-REP, TGT-REQ/TGT-REP, and AP-REQ/AP-REP handshake sequence, it possesses a ticket and a session key (WEP encryption key) for use in communicating with that AP. However, since the password and the username are the same for all APs, that ticket decrypts and validates with any AP.

When an MU roams, after it has associated with the new AP it sends to that AP the same AP-REQ that it sent to the AP that it first authenticated with. The new AP decrypts the ticket and validates the authenticator in the AP-REQ message. It then sends back an AP-REP with a new session key to the MU, and normal communication through the new AP can continue.
AP-4100 Series Access Point Product Reference Guide
Introduction
33
