Filter
Top Products
Managing Kerberos
22-8 Managing Access Server Security
Example: Definition of Kerberos Settings
The following example shows a sample of the commands used to change these
settings:
Local> CHANGE KERBEROS DEFAULT REALM finance.acme.com SECRET
Secret> (not echoed)
Verification> (not echoed)
Local> CHANGE KERBEROS REALM finance.acme.com MASTER HOST
security.acme.com
Local> CHANGE KERBEROS REALM finance.acme.com HOST
atlas.acme.com
Local> CHANGE KERBEROS PASSWORD SERVICE PORT 89
Local> CHANGE KERBEROS TICKET PORT SERVICE PORT 88
Local> CHANGE KERBEROS TIMEOUT 20
This example shows the more secure Kerberos configuration. The access server itself
is registered in the realm:
finance.acme.com
The access server user name is always “rcmd” while its instance is the same as its
server name. In previous example, if the server name is LAT_08002B010203, then the
Kerberos principal name is:
rcmd.LAT_08002B010203@finance.acme.com
The access server Kerberos password is the value of SECRET:
thisiswhereallthemoneyis
To perform authentication, the Kerberos system administrator must register the access
server Kerberos user name, instance, and password in the master KDC for each of the
realms. If the administrator does not specify a SECRET value in the access server
database, then the access server can perform user authentication without being
registered in the realm.