Configuring Switch-Based Authentication
Information About Configuring Switch-Based Authentication
Understanding Kerberos
Kerberos is a secret-key network authentication protocol, which was developed at the Massachusetts Institute of
Technology (MIT). It uses the Data Encryption Standard (DES) cryptographic algorithm for encryption and authentication,
and it authenticates requests for network resources. Kerberos uses the concept of a trusted third party to perform secure
verification of users and services. This trusted third party is called the key distribution center (KDC).
Kerberos verifies that users are who they claim to be and the network services that they use are what the services claim
to be. To do this, a KDC or trusted Kerberos server issues tickets to users. These tickets, which have a limited lifespan,
are stored in user credential caches. The Kerberos server uses the tickets instead of usernames and passwords to
authenticate users and network services.
Note: A Kerberos server can be a switch that is configured as a network security server and that can authenticate users
by using the Kerberos protocol.
The Kerberos credential scheme uses a process called single logon. This process authenticates a user once and then
allows secure authentication (without encrypting another password) wherever that user credential is accepted.
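The trust relationship described above, as an added example that is not part of this guide: a toy Python model in which the KDC issues tickets with a limited lifespan, a service checks them with the key it shares with the KDC (never seeing the user's password), and a client keeps them in a credential cache so that one logon covers later requests. It assumes an HMAC seal in place of DES encryption, so ticket contents stay readable but cannot be forged or altered.

```python
import hashlib, hmac, json

def seal(key, claims):
    # Toy stand-in for encrypting the ticket under the service key (DES in
    # the guide): the KDC proves authorship with an HMAC, claims stay readable.
    body = json.dumps(claims, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

def unseal(key, ticket):
    # Reject tickets not produced with this key (forged or tampered).
    tag = hmac.new(key, ticket["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, ticket["tag"]):
        raise ValueError("ticket was not issued under this service key")
    return json.loads(ticket["body"])

class KDC:
    # Trusted third party: holds every service's key, issues short-lived tickets.
    def __init__(self, service_keys, lifetime=300):
        self.service_keys, self.lifetime = service_keys, lifetime

    def issue_ticket(self, user, service, now):
        claims = {"user": user, "service": service, "expires": now + self.lifetime}
        return seal(self.service_keys[service], claims)

class Service:
    # A service (e.g. the switch's Telnet server) that shares a key with the
    # KDC; it verifies tickets and never sees the user's password.
    def __init__(self, name, key):
        self.name, self.key = name, key

    def authenticate(self, ticket, now):
        claims = unseal(self.key, ticket)
        if claims["service"] != self.name or now >= claims["expires"]:
            return None  # wrong service, or past its limited lifespan
        return claims["user"]

class Client:
    # Single logon: fetch a ticket once, reuse it from the credential cache
    # until it expires.
    def __init__(self, user, kdc):
        self.user, self.kdc, self.cache = user, kdc, {}

    def ticket_for(self, service, now):
        t = self.cache.get(service)
        if t is None or now >= json.loads(t["body"])["expires"]:
            t = self.cache[service] = self.kdc.issue_ticket(self.user, service, now)
        return t
```

The time values are plain integers so the lifespan checks are deterministic; a real deployment would use synchronized clocks, which is why Kerberos is sensitive to clock skew.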
This software release supports Kerberos 5, which lets organizations that already use Kerberos 5 share the same
Kerberos authentication database on the KDC with their other network hosts (such as UNIX servers and PCs).
In this software release, Kerberos supports these network services:
Telnet
rlogin
rsh (Remote Shell Protocol)
Table 5 lists the common Kerberos-related terms and definitions.