Configuring Access Point Security
6-9
7. Click Cancel to return to the target WLAN screen without keeping any of the changes made
within the New Security Policy screen.
6.4 Configuring Kerberos Authentication
Kerberos (designed and developed by MIT) provides strong authentication for client/server
applications using secret-key cryptography. Using Kerberos, a client must prove its identity to a server
(and vice versa) across an insecure network connection.
Once a client and server use Kerberos to prove their identity, they can encrypt all communications to
assure privacy and data integrity. Kerberos can only be used on the AP-5131 with Symbol clients.
Kerberos uses the Network Time Protocol (NTP) for synchronizing the clocks of its Key Distribution
Center (KDC) server(s). Use the NTP Servers screen to specify the IP addresses and ports of available
NTP servers. Kerberos requires the Enable NTP on AP-5131 checkbox be selected for authentication
to function properly. See Configuring Network Time Protocol (NTP) on page 4-32 to configure the NTP
server.
To configure Kerberos on the AP-5131:
1. Select Network Configuration -> Wireless -> Security from the AP-5131 menu tree.
If security policies supporting Kerberos exist, they appear within the Security
Configuration screen. These existing policies can be used as is, or their properties edited
by clicking the Edit button. To configure a new security policy supporting Kerberos, continue
to step 2.
2. Click the Create button to configure a new policy supporting Kerberos.
The New Security Policy screen displays with no authentication or encryption options
selected.
CAUTION Kerberos makes no provisions for host security. Kerberos assumes
that it is running on a trusted host with an untrusted network. If host
security is compromised, Kerberos is compromised as well
NOTE If 802.11a is selected as the radio used for a specific WLAN, the WLAN
cannot use a Kerberos supported security policy, as no 802.11a clients can
support Kerberos on the AP-5131.
!