AlterPath ACS Installation, Administration, and User’s Guide 233
Group Authorization on LDAP
Retrieving group information from an LDAP authentication server adds another
layer of security in the form of network-based authorization. The “group”
information is retrieved from the authentication server, and the
authorization is performed through ACS. For the configuration procedures for
an LDAP authentication server, refer to the ACS Command Reference Guide,
Chapter 3, Section 3.4 “Group Authorization”.
To Configure a Kerberos Authentication Server
Perform the following procedure to configure a Kerberos authentication
server when ACS or any of its ports is configured to use the Kerberos
authentication method or any of its variations (Kerberos, Kerberos/Local, or
KerberosDownLocal).
Before starting this procedure, find out the following information from the
Kerberos server’s administrator:
• Realm name and KDC address
• Host name and IP address for the Kerberos server
Also, work with the Kerberos server’s administrator to ensure that the
following types of accounts are set up on the Kerberos server and that the
administrators of the ACS and connected devices know the passwords assigned
to the accounts:
• An account for “admin”
• If Kerberos authentication is specified for ACS, accounts for all users
who need to log into the ACS to administer connected devices.
• If Kerberos authentication is specified for the serial ports, accounts for
users who need administrative access to connected devices
1. Make sure that entries for the ACS and the Kerberos server exist in the
ACS’s /etc/hosts file.
a. Go to Network > Host Table in Expert mode.
The “Host Table” form appears.
b. Add an entry for ACS if none exists and an entry for the Kerberos
server.
i. Click “Add.”