HP (Hewlett-Packard) Digital NetRider Network Card User Manual


 
Managing Kerberos
22-6 Managing Access Server Security
Introduction
This section describes Kerberos security features and explains how to configure and
manage these features on the access server.
To use the procedures in this section, you must:
- Ensure that the access server can communicate with a host running Kerberos V4 software.
- Connect and test the devices.
- Enable privileged status.
- Configure the port and device characteristics to match.
Reference
Refer to the access server hardware documentation for information about connecting
device cables. This section assumes that you have a basic understanding of Kerberos.
Refer to Digital's Guide to Kerberos for more information.
Configuration Prerequisites
This section describes the prerequisites for configuring the Kerberos security features
on an access server.
Kerberos Host Requirements
To use Kerberos authentication, the access server must be able to communicate
over the network with a host that functions as a Kerberos V4 key distribution
center (KDC). The key distribution center is an ULTRIX or UNIX host that runs
Kerberos software and contains a database of valid user names and passwords.
The access server does not authenticate using the Kerberos V5 protocol.
To operate with the highest level of security, the access server must be registered
with all KDCs within the Kerberos realms in which user authentication will take
place. A realm refers to a group of hosts that share a common administrative
domain for purposes of user authentication.
Each realm has one master KDC that contains a write-enabled database. The
master KDC propagates its database to any slave KDCs in the same realm.
A basic mode of operation is also available in which the access server does not
need to be registered in any of the realms. This mode of operation is less secure,
but easier to configure.