Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches) - Cisco Catalyst 2960 series Configuration Manual

8 Host A attempts to decrypt the service credential with the user's TGT. If Host A can decrypt the service
credential, it is assured the credential came from the real KDC.
9 Host A sends the service credential to the desired network service. Note that the credential is still encrypted
with the SRVTAB shared by the KDC and the network service.
10 The network service attempts to decrypt the service credential using its SRVTAB.
11 If the network service can decrypt the credential, it is assured the credential was in fact issued from the
KDC. Note that the network service trusts anything it can decrypt from the KDC, even if it receives it
indirectly from a user. This is because the user first authenticated with the KDC.
At this point, the user is authenticated to the network service on Host B. This process is repeated each time a
user wants to access a network service in the Kerberos realm.
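The following Python sketch is an added example, not code from the Cisco guide; it models steps 8 through 11 to show why each successful decryption is treated as proof of origin. It assumes the credential is wrapped under a key tied to the user's TGT (`tgt_key`), uses a toy HMAC-SHA256 construction in place of a real Kerberos encryption type, and all function names and the sample user are hypothetical.

```python
import hashlib, hmac, json, os

def keystream(key, nonce, n):
    ek = hmac.new(key, b"enc", hashlib.sha256).digest()   # encryption subkey
    blocks = (hmac.new(ek, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def tag(key, nonce, ct):
    mk = hmac.new(key, b"mac", hashlib.sha256).digest()   # integrity subkey
    return hmac.new(mk, nonce + ct, hashlib.sha256).digest()

def seal(key, obj):
    """Toy authenticated encryption, a stand-in for a real Kerberos enctype."""
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))
    return nonce + ct + tag(key, nonce, ct)

def unseal(key, blob):
    """Decrypt only if blob was sealed under key; otherwise raise ValueError."""
    nonce, ct, mac = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(mac, tag(key, nonce, ct)):
        raise ValueError("cannot decrypt: wrong key or altered credential")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def kdc_issue(tgt_key, srvtab, user, service):
    """KDC: seal the ticket under the service's SRVTAB, then wrap it for the user."""
    ticket = seal(srvtab, {"user": user, "service": service})
    return seal(tgt_key, {"service": service, "ticket": ticket.hex()})

def host_unwrap(tgt_key, credential):
    """Step 8: Host A can decrypt only what the real KDC wrapped for this user."""
    return bytes.fromhex(unseal(tgt_key, credential)["ticket"])

def service_accept(srvtab, ticket):
    """Steps 10-11: accept the user named in anything that decrypts under the SRVTAB."""
    try:
        return unseal(srvtab, ticket)["user"]
    except ValueError:
        return None

if __name__ == "__main__":
    tgt_key, srvtab = os.urandom(32), os.urandom(32)      # constructed sample keys
    ticket = host_unwrap(tgt_key, kdc_issue(tgt_key, srvtab, "alice", "hostB"))
    print("genuine:", service_accept(srvtab, ticket))     # step 9: ticket still sealed
    forged = seal(os.urandom(32), {"user": "alice", "service": "hostB"})
    print("forged: ", service_accept(srvtab, forged))     # not sealed under the SRVTAB
```

Because the service accepts anything that decrypts under its SRVTAB, the confidentiality of that key is the whole trust anchor: anyone holding it can mint credentials the service will honor.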
How to Configure Kerberos
To set up a Kerberos-authenticated server-client system, follow these steps:
• Configure the KDC by using Kerberos commands.
• Configure the switch to use the Kerberos protocol.
Configuring the KDC Using Kerberos Commands
After a host is configured to function as the KDC in the Kerberos realm, you must add entries to the KDC
database (and modify existing database information) for all principals in the realm. Principals can be network
services on devices and hosts, or they can be users.
Note
All Kerberos command examples are based on Kerberos 5 Beta 5 of the original MIT implementation.
Later versions use a slightly different interface.
Adding Users to the KDC Database
Follow these steps to add users to the KDC and create privileged instances for those users:
SUMMARY STEPS
1. Use the su command to become root on the host running the KDC.
2. Use the kdb5_edit program to configure the commands in the next steps.
3. Use the ank (add new key) command in privileged EXEC mode to add a user to the KDC. This command
prompts for a password that the user must enter to authenticate to the router. For example:
4. Use the ank command to add a privileged instance of a user. For example:
