This software release supports Kerberos 5, which allows organizations that are already using Kerberos 5 to
use the same Kerberos authentication database on the KDC that they are already using on their other network
hosts (such as UNIX servers and PCs).
Kerberos supports these network services:
•
Telnet
•
rlogin
•
rsh
This table lists the common Kerberos-related terms and definitions.
Table 99: Kerberos Terms
DefinitionTerm
A process by which a user or service identifies itself
to another service. For example, a client can
authenticate to a switch or a switch can authenticate
to another switch.
Authentication
A means by which the switch identifies what
privileges the user has in a network or on the switch
and what actions the user can perform.
Authorization
A general term that refers to authentication tickets,
such as TGTs
8
and service credentials. Kerberos
credentials verify the identity of a user or service. If
a network service decides to trust the Kerberos server
that issued a ticket, it can be used in place of
re-entering a username and password. Credentials
have a default life span of eight hours.
Credential
An authorization level label for Kerberos principals.
Most Kerberos principals are of the form
user@REALM (for example,
smith@EXAMPLE.COM). A Kerberos principal with
a Kerberos instance has the form
user/instance@REALM (for example,
smith/admin@EXAMPLE.COM). The Kerberos
instance can be used to specify the authorization level
for the user if authentication is successful. The server
of each network service might implement and enforce
the authorization mappings of Kerberos instances but
is not required to do so.
The Kerberos principal and instance names
must be in all lowercase characters.
Note
The Kerberos realm name must be in all
uppercase characters.
Note
Instance
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
981
Information About Kerberos
To Next Page
Loading...
Need help?
General
