Specifications
Managing Access Server Security
23-2
Security Type Descriptions
Introduction
This section describes the types of security that the access server supports.
Kerberos
Kerberos is a user authentication system designed for open network computing
environments. It provides for the authentication of a user name and password
pair, by means of a host system accessible over the network. Once the user name
and password pair is verified, the access server assigns any default authorization
that identify the access server services allowed for that user’s session.
Realm Definition
Associated with a Kerberos login, a user specifies a realm. A realm is known by its
realm name, a printable string of characters. The realm name identifies an
administrative domain, and a set of realm parameters that are needed to
administrate the logins for that realm. The administrator can also associate many
other access server related parameters with a realm name.
The SHOW KERBEROS REALM realm-name command displays all the
assignable parameters for all Kerberos realms. Realm definition and usage is the
same for all other security methods supported by the access server, as are the
characteristics that realms allow the administrator to define.
RADIUS
RADIUS (Remote Authentication Dial-In User Service) is a security method that
provides authorization information during the authentication procedure.
Authorization information is a means for tailoring most of the configurable
features of the access server to a particular user name. The authorization
characteristics are not stored on the access server, but are embedded in the
database that exists on the security host serving as the RADIUS authenticator.
This chapter describes the RADIUS authorization attributes that the access server
supports. See the Managing RADIUS section in this chapter.
For more information about the DECserver’s implementation of RADIUS
Accounting RFC 2139, see the DECserver RADIUS Survival Guide that is
included as an ASCII text file in your media distribution kit.