Specifications
23-9
Managing Access Server Security
Port Configuration
You need to configure user authentication on the access server on a port-by-port
basis. To enable the authentication on a given port, you enter a command such as:
Local> DEFINE PORT 2 AUTHENTICATION ENABLED
Example: Sample SHOW PORT Command
After enabling authentication on a port, you can then display the port settings to
verify that user authentication is enabled as shown in the following example:
Local> SHOW PORT 1
Port 1: smith Server: TSM700
.
.
.
Enabled Characteristics:
Authentication, Autoconnect, Autoprompt, Broadcast,
Failover, Input Flow Control, Lock, Loss Notification,
Message Codes, Output Flow Control, Lock Notification,
Verification
User Authentication Procedure
When the system administrator configures Kerberos security features for a given
access server port, you need to enter a valid user name and password when you
log on to the access server. A complete Kerberos principal name has the following
format:
user-name[.instance]@realm-name
To abort the authentication process, press the Break key or the Local Switch key.
By default, Kerberos allows you three attempts to enter a valid user name and
password. After three unsuccessful attempts to enter a user name and password,
the access server disables the authentication procedure on the port for a period of
1 minute.
To change the default number of invalid authentication attempts, use the SET
PASSWORD LIMIT command.
Example: Authentication with a Complete User Name
The following example shows a typical user authentication that uses the complete
form of the Kerberos principal name. This session assumes that the Kerberos
administrator has entered your user name and password in the Kerberos
database.