Introduction
AP-4131 Access Point Product Reference Guide 27
For a detailed description of the Kerberos authentication service protocol,
refer to RFC 1510: Kerberos Network Authentication Service (V5).
A basic understanding of RFC 1510 Kerberos Network Authentication Service
(V5) is helpful in understanding how Kerberos functions. Kerberos requires
the installation of the KSS on a Windows 2000 server. By default,
Spectrum24 devices operate in an open system network where any wireless
device can associate with an AP without authorization. Kerberos requires
Spectrum24 device authentication before access to the wired network is
permitted. Kerberos cannot operate when the AP is in wireless (WLAP) mode.
If DHCP is disabled or a DHCP server is not available, use the Kerberos
Authentication screen to manually configure Kerberos.
Kerberos can be enabled automatically in an AP physically attached to an
Ethernet network from a DHCP server on the same network. Program the
DHCP server with the Kerberos and KSS options found in section 1.3.3:
"DHCP Support" on page 15. When the AP boots up, it automatically
requests the KSS for Kerberos parameters. If a DHCP server is not present,
manually enable Kerberos in the AP. A Key Distribution Center (KDC)
contains a database of authorized users and passwords within its realm (a
realm is the Kerberos equivalent of a Windows domain). The KDC is
responsible for user authentication and the distribution of session/service
keys (tickets).
The KSS requires restarting whenever the KDC is rebooted.
The KDC contains two components: