Configuring A Kerberos Authentication Server - Avocent MERGEPOINT 53XX SP MANAGER Installer/User Manual

68 MergePoint Service Processor Manager SP53XX Installer/User Guide
Table 4.1: Supported Authentication Methods (Continued)
Method
Local/AuthType
NOTE: The AuthType is Kerberos, LDAP, NIS, RADIUS, SMB, TACACS+ or DSView. For the DSView
authentication method, the MergePoint appliance must be managed by the DSView 3 management software;
otherwise, the DSView authentication will fail.
The default authentication service type is Kerberos. If any other authentication method is selected,
additional fields appear on the screen for specifying the information for an authentication service of
the selected method.
When the administrative user configures an authentication server on this page, the server is
available to perform authentication checking for logins to the MergePoint SP manager, if the
MergePoint SP manager is subsequently configured to use that authentication method. See
Configuring an authentication method for the MergePoint SP manager on page 72 for how the
MergePoint SP manager is assigned an authentication method.

Configuring a Kerberos authentication server

You need to configure a Kerberos authentication server when the MergePoint SP manager is
configured to use the Kerberos authentication method or any of its variations (Kerberos, Local/
Kerberos, Kerberos/Local or Kerberos Down/Local).
If the Kerberos authentication server (which is also referred to as a Key Distribution Center, or
KDC) has previously been configured in either of the authentication configuration screens, the
fields are filled in with the previously configured values.
NOTE: The Kerberos KDC rejects tickets when the timestamp on an authentication request from a host is not
within the maximum clock skew time specified in the KDC's hdc.conf file. Therefore, it is essential for the time on
the MergePoint SP manager to be synchronized with the time on the KDC.
To configure a Kerberos authentication server:
1. Make sure entries for the appliance and the Kerberos server exist in the MergePoint SP
manager's /etc/hosts file.
a. Select the Network - Host Table menu option. The Host Table form appears.
b. Add an entry for appliance (if needed) and add an entry for the Kerberos server.
2. Make sure that time zone and time and date settings are synchronized between the MergePoint
SP manager and on the Kerberos server.
NOTE: Kerberos authentication depends on time synchronization. Time and date synchronization is most easily
achieved by setting both the MergePoint SP manager and the Kerberos server to use the same NTP server.
a. Follow the procedure to set the time zone, date and time.
Definition
Use the AuthType authentication if local authentication fails.