Table of Contents
Advertisement
Configuring Authentication
Configuring Kerberos Authentication
Before you can use Kerberos as an authentication method on the switch, you need to configure the
Kerberos server. You will need to create a database for the KDC and add the switch to the database.
To configure the Kerberos server, follow these steps:
Before you can enter the switch in the Kerberos server's key table, you must create the database the KDC
Step 1
will use. In the following example, a database called CISCO.EDU is created:
/usr/local/sbin/kdb5_util create -r CISCO.EDU -s
Add the switch to the database. The following example adds a switch called Cat4012 to the CISCO.EDU
Step 2
database:
ank host/Cat4012.cisco.edu@CISCO.EDU
Add the user name.
Step 3
ank user1@CISCO.EDU
Step 4
Add the Administrative Principals.
ank user1/admin@CISCO.EDU
Step 5
Create the entry for the switch in the database, using the admin.local ktadd command.
ktadd host/Cat4012.cisco.edu@CISCO.EDU
Move the keytab file to a place where the switch can reach it.
Step 6
Start the KDC server.
Step 7
/usr/local/sbin/krb4kdc
The following sections describe how to configure Kerberos authentication on the switch:
•
•
•
•
•
•
•
•
•
Software Configuration Guide—Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4
27-30
/usr/local/sbin/kadmind
Enabling Kerberos, page 27-31
Defining the Kerberos Local-Realm, page 27-31
Specifying a Kerberos Server, page 27-32
Mapping a Kerberos Realm to a Host Name or DNS Domain, page 27-33
Copying SRVTAB Files, page 27-33
Enabling Credentials Forwarding, page 27-35
Defining a Private DES Key, page 27-37
Encrypting a Telnet Session, page 27-37
Monitoring and Maintaining Kerberos, page 27-38
Chapter 27
Configuring Switch Access Using AAA
78-12647-02
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
