EasyManuals Logo

Cisco Catalyst 2960 Series User Manual

Cisco Catalyst 2960 Series
2288 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #1067 background imageLoading...
Page #1067 background image
8
Host A attempts to decrypt the service credential with the users TGT. If Host A can decrypt the service
credential, it is assured the credential came from the real KDC.
9
Host A sends the service credential to the desired network service. Note that the credential is still encrypted
with the SRVTAB shared by the KDC and the network service.
10
The network service attempts to decrypt the service credential using its SRVTAB.
11
If the network service can decrypt the credential, it is assured the credential was in fact issued from the
KDC. Note that the network service trusts anything it can decrypt from the KDC, even if it receives it
indirectly from a user. This is because the user first authenticated with the KDC.
At this point, the user is authenticated to the network service on Host B. This process is repeated each time a
user wants to access a network service in the Kerberos realm.
How to Configure Kerberos
To set up a Kerberos-authenticated server-client system, follow these steps:
Configure the KDC by using Kerberos commands.
Configure the switch to use the Kerberos protocol.
Configuring the KDC Using Kerberos Commands
After a host is configured to function as the KDC in the Kerberos realm, entries must be made to the KDC
database (and to modify existing database information) for all principals in the realm. Principals can be network
services on devices and hosts or principals can be users.
All Kerberos command examples are based on Kerberos 5 Beta 5 of the original MIT implementation.
Later versions use a slightly different interface.
Note
Adding Users to the KDC Database
Follow these steps to add users to the KDC and create privileged instances for those users:
SUMMARY STEPS
1.
Use the su command to become root on the host running the KDC.
2.
Use the kdb5_edit program to configure the commands in the next steps.
3.
Use the ank (add new key) command in privileged EXEC mode to add a user to the KDC. This command
prompts for a password that the user must enter to authenticate the router. For example:
4.
Use the ank command to add a privileged instance of a user. For example:
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
985
How to Configure Kerberos

Table of Contents

Other manuals for Cisco Catalyst 2960 Series

Preview: Datasheet
Datasheet21 pages
Preview: Brochure & Specs
Brochure & Specs10 pages
Preview: Product Bulletin
Product Bulletin5 pages
Preview: Specifications
Specifications2 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco Catalyst 2960 Series and is the answer not in the manual?

Cisco Catalyst 2960 Series Specifications

General IconGeneral
LayerLayer 2
Power over Ethernet (PoE)Available on some models
RAM128 MB
Flash Memory32 MB
MAC Address Table Size8000
Operating Temperature0°C to 45°C (32 to 113°F)
Ports24 or 48 x 10/100/1000

Related product manuals