EasyManua.ls Logo

Cisco Catalyst 3750 - Obtaining a TGT from a KDC; Authenticating to Network Services; Configuring Kerberos

Cisco Catalyst 3750
926 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
7-35
Catalyst 3750 Metro Switch Software Configuration Guide
78-15870-01
Chapter 7 Configuring Switch-Based Authentication
Controlling Switch Access with Kerberos
Obtaining a TGT from a KDC
This section describes the second layer of security through which a remote user must pass. The user must
now authenticate to a KDC and obtain a TGT from the KDC to access network services.
For instructions about how to authenticate to a KDC, refer to the “Obtaining a TGT from a KDC” section
in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.1,
at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt2/scdkerb.htm
#xtocid154005.
Authenticating to Network Services
This section describes the third layer of security through which a remote user must pass. The user with
a TGT must now authenticate to the network services in a Kerberos realm.
For instructions about how to authenticate to a network service, refer to the “Authenticating to Network
Services” section in the “Security Server Protocols” chapter of the Cisco IOS Security Configuration
Guide, Release 12.1, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt2/scdkerb.htm
#xtocid154006.
Configuring Kerberos
So that remote users can authenticate to network services, you must configure the hosts and the KDC in
the Kerberos realm to communicate and mutually authenticate users and network services. To do this,
you must identify them to each other. You add entries for the hosts to the Kerberos database on the KDC
and add KEYTAB files generated by the KDC to all hosts in the Kerberos realm. You also create entries
for the users in the KDC database.
When you add or create entries for the hosts and users, follow these guidelines:
The Kerberos principal name must be in all lowercase characters.
The Kerberos instance name must be in all lowercase characters.
The Kerberos realm name must be in all uppercase characters.
Note A Kerberos server can be a Catalyst 3750 Metro switch that is configured as a network security server
and that can authenticate users by using the Kerberos Protocol.
To set up a Kerberos-authenticated server-client system, follow these steps:
Configure the KDC by using Kerberos commands.
Configure the switch to use the Kerberos protocol.
For instructions, refer to the “Kerberos Configuration Task List” section in the “Security Server
Protocols” chapter of the Cisco IOS Security Configuration Guide, Release 12.1, at this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt2/scdkerb.htm
#xtocid154007.

Table of Contents

Other manuals for Cisco Catalyst 3750

Preview: Command Reference
Command Reference1154 pages
Preview: Getting Started Guide
Getting Started Guide32 pages
Preview: Hardware Installation Guide
Hardware Installation Guide230 pages

Related product manuals