Filter
Top Products
Security Type Descriptions
22-2 Managing Access Server Security
Security Type Descriptions
Introduction
This section describes the types of security that the access server supports.
Kerberos
Kerberos is a user authentication system designed for open network computing
environments. It provides for the authentication of a user name and password pair, by
means of a host system accessible over the network. Once the user name and password
pair is verified, the access server assigns any default authorization that identify the
access server services allowed for that user’s session.
Realm Definition
Associated with a Kerberos login, a user specifies a realm. A realm is known by its
realm name, a printable string of characters. The realm name identifies an
administrative domain, and a set of realm parameters that are needed to administrate
the logins for that realm. The administrator can also associate many other access server
related parameters with a realm name.
The SHOW KERBEROS REALM
realm-name
command displays all the assignable
parameters for all Kerberos realms. Realm definition and usage is the same for all other
security methods supported by the access server, as are the characteristics that realms
allow the administrator to define.
RADIUS
RADIUS (Remote Authentication Dial-In User Service) is a security method that
provides authorization information during the authentication procedure. Authorization
information is a means for tailoring most of the configurable features of the access
server to a particular user name. The authorization characteristics are not stored on the
access server, but are embedded in the database that exists on the security host serving
as the RADIUS authenticator. This chapter describes the RADIUS authorization
attributes that the access server supports. See the Managing RADIUS section in this
chapter.
RADIUS Authorization
When a user attempts to log in using a realm, the user enters a string in the following
format:
user-name
@
realm-name