hit counter script

Cisco Catalyst 3560-X Software Configuration Manual page 272

Hide thumbs Also See for Catalyst 3560-X:
Table of Contents

Advertisement

Controlling Switch Access with Kerberos
The Kerberos credential scheme uses a process called single logon. This process authenticates a user
once and then allows secure authentication (without encrypting another password) wherever that user
credential is accepted.
This software release supports Kerberos 5, which allows organizations that are already using Kerberos 5
to use the same Kerberos authentication database on the KDC that they are already using on their other
network hosts (such as UNIX servers and PCs).
In this software release, Kerberos supports these network services:
Telnet
rlogin
rsh (Remote Shell Protocol)
Table 1-5
Table 1-5
Term
Authentication
Authorization
Credential
Instance
2
KDC
Kerberized
Kerberos realm
Catalyst 3750-X and 3560-X Switch Software Configuration Guide
1-40
lists the common Kerberos-related terms and definitions:
Kerberos Terms
Definition
A process by which a user or service identifies itself to another service.
For example, a client can authenticate to a switch or a switch can
authenticate to another switch.
A means by which the switch identifies what privileges the user has in a
network or on the switch and what actions the user can perform.
A general term that refers to authentication tickets, such as TGTs
service credentials. Kerberos credentials verify the identity of a user or
service. If a network service decides to trust the Kerberos server that
issued a ticket, it can be used in place of re-entering a username and
password. Credentials have a default lifespan of eight hours.
An authorization level label for Kerberos principals. Most Kerberos
principals are of the form user@REALM (for example,
smith@EXAMPLE.COM). A Kerberos principal with a Kerberos
instance has the form user/instance@REALM (for example,
smith/admin@EXAMPLE.COM). The Kerberos instance can be used to
specify the authorization level for the user if authentication is successful.
The server of each network service might implement and enforce the
authorization mappings of Kerberos instances but is not required to do so.
Note
Note
Key distribution center that consists of a Kerberos server and database
program that is running on a network host.
A term that describes applications and services that have been modified
to support the Kerberos credential infrastructure.
A domain consisting of users, hosts, and network services that are
registered to a Kerberos server. The Kerberos server is trusted to verify
the identity of a user or network service to another user or network
service.
Note
Chapter 1
The Kerberos principal and instance names must be in all
lowercase characters.
The Kerberos realm name must be in all uppercase characters.
The Kerberos realm name must be in all uppercase characters.
Configuring Switch-Based Authentication
OL-25303-03
1
and

Advertisement

Table of Contents
loading

This manual is also suitable for:

Catalyst 3750-x

Table of Contents