DETAILED STEPS

Step 1
Command or Action: Device(config)# kerberos local-realm kerberos-realm
Purpose: Defines the default realm for the device.

Step 2
Command or Action: Device(config)# kerberos server kerberos-realm {hostname | ip-address} [port-number]
Purpose: Specifies to the device which KDC to use in a given Kerberos realm and, optionally, the port number that the KDC is monitoring. (The default is 88.)

Step 3
Command or Action: Device(config)# kerberos realm {dns-domain | host} kerberos-realm
Purpose: (Optional) Maps a host name or DNS domain to a Kerberos realm.

What to Do Next
Because the machine running the KDC and all Kerberized hosts must interact within a 5-minute window
or authentication fails, all Kerberized machines, and especially the KDC, should be running the Network
Time Protocol (NTP).
Note
The kerberos local-realm, kerberos realm, and kerberos server commands are equivalent to the UNIX
krb.conf file. The table below identifies mappings from the Cisco IOS configuration commands to a Kerberos
5 configuration file (krb5.conf).
Table 100: Kerberos 5 Configuration File and Commands

krb5.conf File:
[libdefaults]
default_realm = DOMAIN.COM
Cisco IOS Configuration Command (in configuration mode):
kerberos local-realm DOMAIN.COM

krb5.conf File:
[domain_realm]
.domain.com = DOMAIN.COM
domain.com = DOMAIN.COM
Cisco IOS Configuration Command (in configuration mode):
kerberos realm .domain.com DOMAIN.COM
kerberos realm domain.com DOMAIN.COM

krb5.conf File:
[realms]
kdc = DOMAIN.PIL.COM:750
admin_server = DOMAIN.PIL.COM
default_domain = DOMAIN.COM
Cisco IOS Configuration Command (in configuration mode):
kerberos server DOMAIN.COM 172.65.44.2
(172.65.44.2 is the example IP address for DOMAIN.PIL.COM)
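
The mapping in Table 100 can be applied mechanically when auditing a device against the realm's krb5.conf. The following Python code is an added example, not Cisco's: it parses the three commands from saved configuration text, renders the equivalent krb5.conf sections (using the default KDC port 88 from Step 2 when no port is given), and lists realms that are referenced but have no kerberos server entry. The function names and the lab.example / LAB.EXAMPLE mapping are constructed for illustration.

```python
# Constructed sample: the commands from Table 100 as saved configuration text,
# plus one constructed mapping (lab.example) to a realm with no KDC defined.
SAMPLE_CONFIG = """\
kerberos local-realm DOMAIN.COM
kerberos realm .domain.com DOMAIN.COM
kerberos realm domain.com DOMAIN.COM
kerberos realm lab.example LAB.EXAMPLE
kerberos server DOMAIN.COM 172.65.44.2
"""

DEFAULT_KDC_PORT = 88  # default stated in Step 2

def parse_ios_kerberos(config):
    """Collect the three realm-related commands from IOS configuration text."""
    parsed = {"default_realm": None, "domain_realm": {}, "realms": {}}
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["kerberos", "local-realm"] and len(words) == 3:
            parsed["default_realm"] = words[2]
        elif words[:2] == ["kerberos", "realm"] and len(words) == 4:
            parsed["domain_realm"][words[2]] = words[3]
        elif words[:2] == ["kerberos", "server"] and len(words) in (4, 5):
            port = int(words[4]) if len(words) == 5 else DEFAULT_KDC_PORT
            parsed["realms"].setdefault(words[2], []).append((words[3], port))
    return parsed

def to_krb5_conf(parsed):
    """Render the parsed commands as the equivalent krb5.conf sections."""
    out = ["[libdefaults]", f"    default_realm = {parsed['default_realm']}", "", "[domain_realm]"]
    out += [f"    {d} = {r}" for d, r in parsed["domain_realm"].items()]
    out += ["", "[realms]"]
    for realm, kdcs in parsed["realms"].items():
        out.append(f"    {realm} = {{")
        out += [f"        kdc = {host}:{port}" for host, port in kdcs]
        out.append("    }")
    return "\n".join(out) + "\n"

def missing_kdc(parsed):
    """Realms that are referenced but have no `kerberos server` entry."""
    used = set(parsed["domain_realm"].values()) | {parsed["default_realm"]}
    return sorted(used - set(parsed["realms"]) - {None})

if __name__ == "__main__":
    cfg = parse_ios_kerberos(SAMPLE_CONFIG)
    print(to_krb5_conf(cfg))
    print("realms without a KDC:", missing_kdc(cfg))
```

A realm reported by missing_kdc is one the device maps hosts into without knowing which KDC serves it, so authentication for those hosts cannot complete until a kerberos server entry is added.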
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
How to Configure Kerberos