Kerberos Authentication; Kerberos Server Authentication With Tickets Support - Avocent Cyclades ACS Command Reference Manual

ACS Advanced Console Server Command Reference Guide
The following examples illustrate the use of NIS to authenticate users.
Authenticate the user in the local database; if the user is not found, then use NIS.
passwd: files nis
shadow: files nis
group: files nis
Authenticate the user using NIS; if the user is not found, then use the local database.
passwd: nis files
shadow: nis files
group: nis files
Authenticate the user using NIS; if the user is not found or the NIS server is down, use the
local database.
passwd: nis [UNAVAIL=continue TRYAGAIN=continue] files
shadow: nis [UNAVAIL=continue TRYAGAIN=continue] files
group: nis [UNAVAIL=continue TRYAGAIN=continue] files
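To make the three nsswitch variants above concrete, here is an added example (not code from the Avocent manual) that parses lines of that form and walks the sources the way the resolver does, applying a `[STATUS=action]` list when present. The constructed input lines are the manual's three examples; the default actions used when no bracket is given are an assumption taken from glibc's documentation (SUCCESS=return, everything else continue), and the libc on an embedded console server may apply different defaults, which is exactly why the manual spells the UNAVAIL and TRYAGAIN actions out.

```python
"""Parser and lookup-order simulator for nsswitch.conf database lines such as
    passwd: nis [UNAVAIL=continue TRYAGAIN=continue] files
Added example; not part of the ACS console server or its firmware."""
import re

STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")
ACTIONS = ("return", "continue", "merge")

# Assumed defaults (glibc documents these); other libcs may differ, so a
# hardened config states the actions it relies on explicitly.
DEFAULT_ACTIONS = {
    "SUCCESS": "return",
    "NOTFOUND": "continue",
    "UNAVAIL": "continue",
    "TRYAGAIN": "continue",
}

# A token is either a bracketed action list or a bare source name.
_TOKEN = re.compile(r"\[([^\]]*)\]|(\S+)")


def parse_line(line: str):
    """Return (database, [(source, {STATUS: action}), ...]) for one config line."""
    database, _, rest = line.partition(":")
    sources = []
    for bracket, word in _TOKEN.findall(rest):
        if word:
            sources.append((word, {}))
            continue
        if not sources:
            raise ValueError("action list appears before any source: %r" % line)
        for item in bracket.split():
            status, _, action = item.partition("=")
            status, action = status.upper(), action.lower()
            if status not in STATUSES or action not in ACTIONS:
                # '!STATUS=action' negation and unknown words are rejected rather than guessed at
                raise ValueError("unsupported action item %r in %r" % (item, line))
            sources[-1][1][status] = action
    return database.strip(), sources


def resolve(sources, outcomes, defaults=DEFAULT_ACTIONS):
    """Walk the sources in order. `outcomes` maps a source name to the status it
    would return for this lookup (a source missing from the map is treated as
    UNAVAIL, i.e. its server is down). Returns (answering_source_or_None, trace)."""
    trace = []
    for source, actions in sources:
        status = outcomes.get(source, "UNAVAIL")
        action = actions.get(status, defaults[status])
        trace.append("%s:%s->%s" % (source, status, action))
        if action == "return":
            return (source if status == "SUCCESS" else None), trace
        # 'continue' and 'merge' both move on to the next source; merge
        # semantics (combining group lists) are not modelled here.
    return None, trace


def lookup_order_report(line: str, outcomes) -> str:
    """Human-readable trace of which source answers under the given outcomes."""
    database, sources = parse_line(line)
    answer, trace = resolve(sources, outcomes)
    return "%s: %s => %s" % (database, " ".join(trace), answer or "no result")


if __name__ == "__main__":
    # Constructed scenario: the NIS server is down (ypbind reports TRYAGAIN)
    # and the account exists locally.
    down = {"nis": "TRYAGAIN", "files": "SUCCESS"}
    for cfg in ("passwd: files nis",
                "passwd: nis files",
                "passwd: nis [UNAVAIL=continue TRYAGAIN=continue] files"):
        print(lookup_order_report(cfg, down))
```

The trace makes the effect of the bracket visible: with `[TRYAGAIN=return]` the walk stops at NIS and the local database is never consulted, while the manual's third form guarantees the fallback regardless of what the libc's defaults happen to be.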

Kerberos Authentication

Kerberos is a network authentication protocol designed for use on unsecured networks, based on
the key distribution model. It allows individuals communicating over a network to prove their
identity to each other while preventing eavesdropping or replay attacks. It also provides
integrity (detection of modification) and confidentiality (prevention of unauthorized reading).

Kerberos server authentication with tickets support

The ACS console server can operate on a kerberized network. On a kerberized network, the
Kerberos database contains principals and keys (for users, keys are derived from passwords).
The Kerberos database also contains keys for all of the network services.
When a user on a kerberized network logs in to the workstation, the principal is sent to the Key
Distribution Center (KDC) as a request for a Ticket Granting Ticket (TGT). This request may be
sent by the login program so that it is transparent to the user, or may be sent by the kinit program
after the user logs in.
The KDC checks for the principal in its database. If the principal is found, the KDC creates a TGT,
encrypts it using the user's key and sends it back to the user.
The login program or kinit decrypts the TGT using the user's key, which is computed from the
user's password. The TGT, which is set to expire after a certain period of time, is stored in the
credentials cache. An expiration time is set so that a compromised TGT may only be used for a
certain period of time, usually eight hours, unlike a compromised password, which could be used
until changed. The user does not have to re-enter the password until the TGT expires or a new
session is started.
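The TGT issuance just described, as an added example that is not code from the Avocent manual or from any Kerberos implementation. It is a toy model: the principal database, the password-derived user key (PBKDF2), the KDC's own ticket-sealing key and the HMAC-SHA256-based encryption are all constructed stand-ins for the real enctypes and ASN.1 messages, and `REALM`, `TGT_LIFETIME` and the names `KDC`, `kinit` and `credential_valid` are this example's own. One detail is shown more precisely than the prose above: the KDC seals the TGT itself under its own key (the client cannot read it) and encrypts the session key and expiry under the user's key; that second part is what login or kinit decrypts with the key computed from the password, so a wrong password fails at that step.

```python
"""Toy model of Kerberos AS exchange: principal -> TGT, encrypted under keys
derived from passwords, with the eight-hour expiry enforced on the client side.
Added example; not Kerberos and not the ACS firmware."""
import hashlib
import hmac
import json
import os
import time

REALM = "EXAMPLE.COM"          # constructed realm name
TGT_LIFETIME = 8 * 3600        # the "usually eight hours" from the text


def derive_key(password: str, principal: str) -> bytes:
    # The user's long-term key is computed from the password (salted with
    # realm + principal, as Kerberos does). PBKDF2 here is a stand-in.
    salt = (REALM + principal).encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for a Kerberos enctype: random nonce, keystream XOR, HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        # Wrong key (wrong password) or a modified message: refuse, do not guess.
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    """Key Distribution Center holding principals and their keys."""

    def __init__(self, principals: dict):
        self.keys = {p: derive_key(pw, p) for p, pw in principals.items()}
        self.tgs_key = os.urandom(32)   # key of the ticket-granting service

    def as_request(self, principal: str, now: float = None):
        """AS-REQ handling: look the principal up, build a TGT, return it together
        with the session key and expiry encrypted under the user's key."""
        if principal not in self.keys:
            raise KeyError("unknown principal")
        now = time.time() if now is None else now
        session_key = os.urandom(32)
        body = {"client": principal, "session_key": session_key.hex(),
                "expires": now + TGT_LIFETIME}
        tgt = encrypt(self.tgs_key, json.dumps(body).encode())
        enc_part = encrypt(self.keys[principal],
                           json.dumps({"session_key": body["session_key"],
                                       "expires": body["expires"]}).encode())
        return tgt, enc_part

    def check_tgt(self, tgt: bytes, now: float = None):
        """What the TGS does later: open the sealed TGT and reject an expired one."""
        body = json.loads(decrypt(self.tgs_key, tgt))
        now = time.time() if now is None else now
        if now >= body["expires"]:
            raise ValueError("TGT expired")
        return body["client"]


def kinit(kdc: KDC, principal: str, password: str, now: float = None) -> dict:
    """The login program / kinit: request a TGT, then unlock the reply with the
    key derived from the typed password. The result is the credentials-cache entry."""
    tgt, enc_part = kdc.as_request(principal, now)
    info = json.loads(decrypt(derive_key(password, principal), enc_part))
    return {"principal": principal, "tgt": tgt,
            "session_key": bytes.fromhex(info["session_key"]), "expires": info["expires"]}


def password_accepted(kdc: KDC, principal: str, password: str) -> bool:
    try:
        kinit(kdc, principal, password)
        return True
    except (ValueError, KeyError):
        return False


def credential_valid(entry: dict, now: float = None) -> bool:
    """True while the cached TGT has not reached its expiry."""
    now = time.time() if now is None else now
    return now < entry["expires"]


if __name__ == "__main__":
    kdc = KDC({"alice@" + REALM: "correct horse battery"})   # constructed principal
    entry = kinit(kdc, "alice@" + REALM, "correct horse battery")
    print("TGT valid now:", credential_valid(entry))
    print("TGT valid in 9h:", credential_valid(entry, time.time() + 9 * 3600))
```

The two expiry checks are deliberately on both sides: the client consults `credential_valid` to decide whether to prompt for the password again, and the KDC's `check_tgt` enforces the limit even if a copied cache file is presented after the window has closed, which is the property the text attributes to the eight-hour lifetime.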
