Table of Contents
Advertisement
Chapter 7
Configuring Switch-Based Authentication
Table 7-5
Term
Authentication
Authorization
Credential
Instance
2
KDC
Kerberized
Kerberos realm
Kerberos server
KEYTAB
OL-12247-04
Kerberos Terms
Definition
A process by which a user or service identifies itself to another service.
For example, a client can authenticate to a switch or a switch can
authenticate to another switch.
A means by which the switch identifies what privileges the user has in a
network or on the switch and what actions the user can perform.
A general term that refers to authentication tickets, such as TGTs
service credentials. Kerberos credentials verify the identity of a user or
service. If a network service decides to trust the Kerberos server that
issued a ticket, it can be used in place of re-entering a username and
password. Credentials have a default lifespan of eight hours.
An authorization level label for Kerberos principals. Most Kerberos
principals are of the form user@REALM (for example,
smith@EXAMPLE.COM). A Kerberos principal with a Kerberos
instance has the form user/instance@REALM (for example,
smith/admin@EXAMPLE.COM). The Kerberos instance can be used to
specify the authorization level for the user if authentication is successful.
The server of each network service might implement and enforce the
authorization mappings of Kerberos instances but is not required to do so.
Note
Key distribution center that consists of a Kerberos server and database
program that is running on a network host.
A term that describes applications and services that have been modified
to support the Kerberos credential infrastructure.
A domain consisting of users, hosts, and network services that are
registered to a Kerberos server. The Kerberos server is trusted to verify
the identity of a user or network service to another user or network
service.
Note
A daemon that is running on a network host. Users and network services
register their identity with the Kerberos server. Network services query
the Kerberos server to authenticate to other network services.
3
A password that a network service shares with the KDC. In Kerberos 5
and later Kerberos versions, the network service authenticates an
encrypted service credential by using the KEYTAB to decrypt it. In
Kerberos versions earlier than Kerberos 5, KEYTAB is referred to as
SRVTAB
Cisco Catalyst Blade Switch 3130 and 3032 for Dell Software Configuration Guide
The Kerberos principal and instance names must be in all
lowercase characters. The Kerberos realm name must be in all
uppercase characters.
The Kerberos realm name must be in all uppercase characters.
4
.
Controlling Switch Access with Kerberos
1
and
7-41
Advertisement
Chapters
Table of Contents
Troubleshooting
