Specifications

Managing Access Server Security
Example: Definition of Kerberos Settings
The following example shows a sample of the commands used to change these
settings:
Local> CHANGE KERBEROS DEFAULT REALM finance.acme.com SECRET
Secret> (not echoed)
Verification> (not echoed)
Local> CHANGE KERBEROS REALM finance.acme.com MASTER HOST security.acme.com
Local> CHANGE KERBEROS REALM finance.acme.com HOST atlas.acme.com
Local> CHANGE KERBEROS PASSWORD SERVICE PORT 89
Local> CHANGE KERBEROS TICKET PORT SERVICE PORT 88
Local> CHANGE KERBEROS TIMEOUT 20
This example shows the more secure Kerberos configuration. The access server
itself is registered in the realm:
finance.acme.com
The access server user name is always “rcmd”, while its instance is the same as its
server name. In the previous example, if the server name is LAT_08002B010203, then
the Kerberos principal name is:
rcmd.LAT_08002B010203@finance.acme.com
The access server Kerberos password is the value of SECRET:
thisiswhereallthemoneyis
To perform authentication, the Kerberos system administrator must register the
access server Kerberos user name, instance, and password in the master KDC for
each of the realms. If the administrator does not specify a SECRET value in the
access server database, then the access server can perform user authentication
without being registered in the realm.
Displaying Kerberos Settings
The following example shows a sample display of Kerberos settings:
Local> show kerb characteristics
Retransmit Interval: Retransmit Timeout: 0 00:00:08
Ticket service port: 750 Password service port: 751
Realm: mfg.acme.com
Secret: (None)
Authorization Defaults:
Access: (None) Forced Callback: DISABLED
Max Connect: (None) Dialout Service: (None)
Dialback Number: 6111
Dialout Number: (None)
Permissions: DIALBACK, DIALOUT, LAT, TELNET, SLIP, PPP, NOPRIV
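
The following is an added example, not part of the original manual or the vendor's software: a Python check that parses the two-column display above, derives the rcmd principal that must be registered in the master KDC, and reports a missing SECRET or settings that differ from the intended ones. The function names, the EXPECTED table, and the rule that any Secret value other than "(None)" means a secret is set are assumptions of this example.

```python
import re

# Labels as they appear in the sample display on this page.
LABELS = ["Retransmit Interval", "Retransmit Timeout", "Ticket service port",
          "Password service port", "Realm", "Secret", "Access",
          "Forced Callback", "Max Connect", "Dialout Service",
          "Dialback Number", "Dialout Number", "Permissions"]
LABEL_RE = re.compile("(" + "|".join(map(re.escape, LABELS)) + "):")

# Display text copied from the page's sample output (first lines only).
SAMPLE = """\
Retransmit Interval: Retransmit Timeout: 0 00:00:08
Ticket service port: 750 Password service port: 751
Realm: mfg.acme.com
Secret: (None)
Authorization Defaults:
Access: (None) Forced Callback: DISABLED
"""

# Intended settings, taken from the CHANGE KERBEROS example on this page.
EXPECTED = {"Realm": "finance.acme.com", "Ticket service port": "88",
            "Password service port": "89"}

def parse_display(text):
    """Split each line into label/value pairs; a line may hold two pairs."""
    fields = {}
    for line in text.splitlines():
        marks = list(LABEL_RE.finditer(line))
        for i, m in enumerate(marks):
            end = marks[i + 1].start() if i + 1 < len(marks) else len(line)
            fields[m.group(1)] = line[m.end():end].strip()
    return fields

def audit(fields, server_name, expected):
    """Return (principal, findings) for one access server."""
    realm = fields.get("Realm", "")
    principal = f"rcmd.{server_name}@{realm}"
    findings = []
    # Assumption: any value other than "(None)" means a SECRET is set.
    if fields.get("Secret", "(None)") == "(None)":
        findings.append(f"Secret is (None): register {principal} in the "
                        "master KDC and set SECRET")
    for label, want in expected.items():
        if fields.get(label) != want:
            findings.append(f"{label}: {fields.get(label)!r}, expected {want!r}")
    return principal, findings

if __name__ == "__main__":
    principal, findings = audit(parse_display(SAMPLE), "LAT_08002B010203", EXPECTED)
    print(principal)
    print("\n".join(findings))
```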