Consolidated Platform Configuration Guide, Cisco Ios Release 15.2(4)E (Catalyst 2960-X Switches - Cisco Catalyst 2960 series Configuration Manual
Consolidated platform configuration guide, ios release 15.2(4)e
Hide thumbs
Also See for Catalyst 2960 series:
- Software configuration manual (980 pages) ,
- Command reference manual (800 pages) ,
- Configuration manual (120 pages)
Table of Contents
Advertisement
Information About Kerberos
• So that remote users can authenticate to network services, you must configure the hosts and the KDC
• A Kerberos server can be a switch that is configured as a network security server and that can authenticate
When you add or create entries for the hosts and users, follow these guidelines:
• The Kerberos principal name must be in all lowercase characters.
• The Kerberos instance name must be in all lowercase characters.
• The Kerberos realm name must be in all uppercase characters.
Information About Kerberos
Kerberos and Switch Access
This section describes how to enable and configure the Kerberos security system, which authenticates requests
for network resources by using a trusted third party.
In the Kerberos configuration examples, the trusted third party can be any switch that supports Kerberos,
Note
that is configured as a network security server, and that can authenticate users by using the Kerberos
protocol.
Kerberos Overview
Kerberos is a secret-key network authentication protocol, which was developed at the Massachusetts Institute
of Technology (MIT). It uses the Data Encryption Standard (DES) cryptographic algorithm for encryption
and authentication and authenticates requests for network resources. Kerberos uses the concept of a trusted
third party to perform secure verification of users and services. This trusted third party is called the key
distribution center (KDC).
Kerberos verifies that users are who they claim to be and the network services that they use are what the
services claim to be. To do this, a KDC or trusted Kerberos server issues tickets to users. These tickets, which
have a limited life span, are stored in user credential caches. The Kerberos server uses the tickets instead of
user names and passwords to authenticate users and network services.
A Kerberos server can be any switch that is configured as a network security server and that can authenticate
Note
users by using the Kerberos protocol.
The Kerberos credential scheme uses a process called single logon. This process authenticates a user once
and then allows secure authentication (without encrypting another password) wherever that user credential is
accepted.
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
980
in the Kerberos realm to communicate and mutually authenticate users and network services. To do this,
you must identify them to each other. You add entries for the hosts to the Kerberos database on the KDC
and add KEYTAB files generated by the KDC to all hosts in the Kerberos realm. You also create entries
for the users in the KDC database.
users by using the Kerberos protocol.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
