User Manual

Security Database Configuration
To synchronize the SCS and the Kerberos clock, use the Set/Define IP Timeserver command:
Figure 11-24: Synchronizing the Clocks
Local>> DEFINE IP TIMESERVER 192.0.1.110

2 Designate a precedence number for the Kerberos server.
Figure 11-25: Configuring Kerberos Precedence
Local>> DEFINE AUTHENTICATION KERBEROS PRECEDENCE 2

3 Configure the primary and secondary Kerberos server locations by IP address:
Figure 11-26: Configuring Kerberos Server Locations
Local>> DEFINE AUTHENTICATION KERBEROS PRIMARY 192.0.1.52
Local>> DEFINE AUTHENTICATION KERBEROS SECONDARY 192.0.1.53

4 Configure the realm. The realm is the name of the Kerberos administrative region that defines the
scope of client authentication data maintained by a Kerberos server. Most installations choose realm
names that mirror their Internet domain name system. To specify the realm, use the Set/Define
Authentication Kerberos Realm command.
Figure 11-27: Configuring the Kerberos Realm
Local>> DEFINE AUTHENTICATION KERBEROS REALM "phred.com"
Note: The value for realm is case-sensitive. Enclose this string in quotes to retain case.

5 Configure the principle, instance, and authenticator that enable the Kerberos server to identify the
SCS. Principle, instance, and authenticator entries must be configured on the SCS to match the
corresponding entries on the Kerberos server.
The default setting for the SCS principle is rcmd; for the SCS instance, the default setting is scs.
The authenticator is the password for the principle/instance pair. It must be defined on the SCS and
the Kerberos server. A text string or an eight-byte hexadecimal value may be specified.
To specify the SCS principle, instance, and authenticator, use the Set/Define Authentication Kerberos
command:
Figure 11-28: Configuring the Principle, Instance, and Authenticator
Local>> DEFINE AUTHENTICATION KERBEROS PRINCIPLE "kerbauth"
Local>> DEFINE AUTHENTICATION KERBEROS INSTANCE "scsname"
Local>> DEFINE AUTHENTICATION KERBEROS AUTHENTICATOR "passwd"
Local>> DEFINE AUTHENTICATION KERBEROS AUTHENTICATOR 0x08FF6D3E97735421
Note: The values for principle, instance, and authenticator are case-sensitive. Enclose
these strings in quotes to retain case.

6 Configure the Key Version Number (KVNO). The key version number ensures that the SCS and
Kerberos server are using the correct authenticator for the defined principle/instance pair. A KVNO
must be configured on the SCS to match the KVNO on the Kerberos server.
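The quoting and eight-byte rules in the steps above are easy to miss when commands are typed by hand, so a saved command list can be checked before it is applied. The following is an added example, not part of the manual or the SCS software: lint() is a hypothetical helper, the sample input is constructed, and treating the timeserver, primary server, realm, and authenticator as required is an assumption drawn from the steps on this page.

```python
import ipaddress
import re

# Constructed sample: this page's commands with two deliberate mistakes
# (an unquoted realm and a hex authenticator shorter than eight bytes).
SAMPLE = '''\
Local>> DEFINE IP TIMESERVER 192.0.1.110
Local>> DEFINE AUTHENTICATION KERBEROS PRIMARY 192.0.1.52
Local>> DEFINE AUTHENTICATION KERBEROS SECONDARY 192.0.1.53
Local>> DEFINE AUTHENTICATION KERBEROS REALM phred.com
Local>> DEFINE AUTHENTICATION KERBEROS PRINCIPLE "kerbauth"
Local>> DEFINE AUTHENTICATION KERBEROS INSTANCE "scsname"
Local>> DEFINE AUTHENTICATION KERBEROS AUTHENTICATOR 0x08FF6D3E9773
'''

CMD = re.compile(r'(?:Local>>\s*)?DEFINE\s+(?:IP\s+(TIMESERVER)|'
                 r'AUTHENTICATION\s+KERBEROS\s+(\w+))\s+(.+)', re.I)
ADDRESSES = {"TIMESERVER", "PRIMARY", "SECONDARY"}
CASE_SENSITIVE = {"REALM", "PRINCIPLE", "INSTANCE", "AUTHENTICATOR"}
# PRINCIPLE and INSTANCE have defaults (rcmd, scs), so only these are required.
REQUIRED = ("TIMESERVER", "PRIMARY", "REALM", "AUTHENTICATOR")

def lint(script):
    """Return findings for a block of SCS DEFINE commands (hypothetical helper)."""
    findings, seen = [], set()
    for n, line in enumerate(script.splitlines(), 1):
        m = CMD.match(line.strip())
        if not m:
            continue
        key, value = (m.group(1) or m.group(2)).upper(), m.group(3).strip()
        seen.add(key)
        if key in ADDRESSES:
            try:
                ipaddress.ip_address(value)
            except ValueError:
                findings.append(f"line {n}: {key} is not an IP address")
        elif key == "AUTHENTICATOR" and re.fullmatch(r"0x[0-9A-Fa-f]*", value):
            if len(value) != 18:  # "0x" plus eight bytes = 16 hex digits
                findings.append(f"line {n}: hex AUTHENTICATOR is not eight bytes")
        elif key in CASE_SENSITIVE and not re.fullmatch(r'"[^"]+"', value):
            findings.append(f"line {n}: {key} is unquoted, case is not retained")
    findings += [f"missing: {key}" for key in REQUIRED if key not in seen]
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```

The KVNO from step 6 is not checked because its command syntax does not appear on this page.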