Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches) - Cisco Catalyst 2960 series Configuration Manual

DETAILED STEPS
Step 1
Use the ark (add random key) command to add a network service supported by a host or device to the KDC.
Example:
Device# ark SERVICE/HOSTNAME@REALM
Step 2
Use the kdb5_edit command xst to write an SRVTAB entry to a file.
Example:
Device# xst device-name host
Step 3
Use the quit command to exit the kdb5_edit program.
Example
The following example shows how to add a Kerberized authentication service for a device called device1 to the Kerberos realm COMPANY.COM:
ark host/device1.company.com@COMPANY.COM
The following example shows how to write an entry for all network services on all Kerberized hosts that use this KDC for authentication to a file:
xst device1.company.com@COMPANY.COM host
Configuring the Device to Use the Kerberos Protocol
Defining a Kerberos Realm
For a device to authenticate a user defined in the Kerberos database, it must know the host name or IP address of the host running the KDC and the name of the Kerberos realm. Optionally, it can also map a host name or Domain Name System (DNS) domain to the Kerberos realm.
To configure the device to authenticate to a specified KDC in a specified Kerberos realm, use the following commands in global configuration mode. Note that DNS domain names must begin with a leading dot (.):
SUMMARY STEPS
1. Device(config)# kerberos local-realm kerberos-realm
2. Device(config)# kerberos server kerberos-realm {hostname | ip-address} [port-number]
3. Device(config)# kerberos realm {dns-domain | host} kerberos-realm
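The three commands above, filled in for the COMPANY.COM realm and device1 host used in the earlier example. This is an added example, not part of the Cisco guide; the KDC address 192.0.2.10 and the explicit port 88 are assumed values.

```cisco
! Added example: values are constructed, not taken from the guide.
! 192.0.2.10 is a documentation-range placeholder for the KDC address.
Device# configure terminal
! Step 1: the Kerberos realm this device belongs to.
Device(config)# kerberos local-realm COMPANY.COM
! Step 2: the KDC for that realm. 88 is the standard Kerberos port,
! written out here only to show where port-number goes.
Device(config)# kerberos server COMPANY.COM 192.0.2.10 88
! Step 3, dns-domain form: the leading dot marks a DNS domain.
Device(config)# kerberos realm .company.com COMPANY.COM
! Step 3, host form: a single host name, no leading dot.
Device(config)# kerberos realm device1.company.com COMPANY.COM
Device(config)# end
```

The realm name in all three commands must match the realm used in the SRVTAB principal (host/device1.company.com@COMPANY.COM above), including case.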
