Specifications
Managing Access Server Security
Managing Kerberos
Introduction
This section describes Kerberos security features and explains how to configure
and manage these features on the access server. To use the procedures in this
section, you must:
• Ensure that the access server can communicate with a host running Kerberos
V4 software.
• Connect and test the devices.
• Enable privileged status.
• Configure the port and device characteristics to match.
Configuration Prerequisites
This section describes the prerequisites for configuring the Kerberos security
features on an access server.
Kerberos Host Requirements
• To use Kerberos authentication, the access server must be able to communicate
over the network with a host that functions as a Kerberos V4 key distribution
center (KDC). The key distribution center is a UNIX host that runs Kerberos
software and contains a database of valid user names and passwords. The
access server does not authenticate using the Kerberos V5 protocol.
• To operate with the highest level of security, the access server must be
registered with all KDCs within the Kerberos realms in which user
authentication will take place. A realm refers to a group of hosts that share a
common administrative domain for purposes of user authentication.
• Each realm has one master KDC that contains a write-enabled database. The
master KDC propagates its database to any slave KDCs in the same realm.
A basic mode of operation is also available in which the access server does not
need to be registered in any of the realms. This mode of operation is less
secure, but easier to configure.
NOTE
Refer to the access server hardware documentation for information about
connecting device cables. This section assumes that you have a basic
understanding of Kerberos.