Kerberos

Kerberos is a network authentication protocol that provides strong authentication for client/server applications by using secret-key cryptography. The system administrator can configure the SLC to use Kerberos to authenticate users attempting to log in using Telnet, SSH, or the console port.

Note: Users who are authenticated through Kerberos are granted port access through the port permissions on this page.

To configure the SLC to use Kerberos to authenticate users:

  1. Complete the following fields:

Enable Kerberos

Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox.

Note: If you enable Kerberos here, it automatically displays at the end of the order of precedence on the User Authentication page.

Realm

Enter the name of the logical network served by a single Kerberos database and a set of Key Distribution Centers. Usually, realm names are all uppercase letters to differentiate the realm from the Internet domain. Realm is similar in concept to an NT domain.

KDC

A key distribution center (KDC) is a server that issues Kerberos tickets. A ticket is a temporary set of electronic credentials that verify the identity of a client for a particular service.

Enter the KDC as a fully qualified domain name (FQDN). An example is SLC.local.

KDC IP Address

Enter the IP address of the Key Distribution Center (KDC). If DNS is not enabled, this entry lets the SLC resolve the FQDN entered in the KDC field.

KDC Port

Port on the KDC listening for requests. Enter an integer with a maximum value of 65535. The default is 88.

Use LDAP

Indicate whether Kerberos should rely on LDAP to look up user IDs and Group IDs. This setting is disabled by default.

Note: Make sure to configure LDAP if you select this option.

Custom Menu

If custom menus have been created (see the User Guide), you can assign a default custom menu to Kerberos users.

Data Ports

The ports users are able to monitor and interact with using the connect direct command. U and L denote the PC Card upper and lower slots.

Listen Ports

The ports users are able to monitor using the connect listen command.

Clear Port Buffers

The ports whose port buffer users may clear using the set locallog clear command.
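For comparison, the Realm, KDC, KDC IP Address and KDC Port fields above map onto the standard MIT Kerberos client configuration file (krb5.conf). The fragment below is an added illustration, not part of the SLC documentation, and the page does not state which Kerberos implementation the SLC uses internally; the realm name SLC.LOCAL and the address 192.0.2.10 are constructed placeholders built from the page's own SLC.local example.

```ini
# Added example: MIT krb5.conf equivalent of the SLC Kerberos fields.
# Realm name and IP address are constructed placeholders.

[libdefaults]
    # Realm field: the logical network served by one Kerberos database.
    # Conventionally uppercase, which distinguishes it from the DNS domain.
    default_realm = SLC.LOCAL

[realms]
    SLC.LOCAL = {
        # KDC field (FQDN) and KDC Port field (default 88).
        kdc = SLC.local:88
        admin_server = SLC.local
    }

[domain_realm]
    # Maps host names in the DNS domain to the realm above.
    .slc.local = SLC.LOCAL
    slc.local = SLC.LOCAL

# The KDC IP Address field has no krb5.conf equivalent. On a generic
# client it corresponds to a static hosts entry such as:
#   192.0.2.10   SLC.local
# which is what lets the client reach the KDC when DNS is unavailable.
```

The point of the mapping is that Kerberos clients locate the KDC by name, so a realm and KDC entry alone is not enough when the SLC has no DNS; the KDC IP Address field supplies the name-to-address binding that DNS would otherwise provide, and leaving it empty on a DNS-less unit means Kerberos logins will fail after the reboot that applies the settings.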

  2. In the User Rights section, select the user group to which Kerberos users will belong:

Group

Select the group to which the Kerberos users will belong:

Default Users: This group has only the most basic rights (described above).

Power Users: This group has the same rights as Default Users plus Networking, Date/Time, Reboot & Shutdown, and Diagnostics & Reports.

Administrators: This group has all possible rights.

  3. Select or clear the checkboxes for the following rights:

Full Administrative

Right to perform any function on the SLC.

Networking

Right to enter network and routing settings.

Services

Right to enable and disable system and audit logging, SSH and Telnet logins, SNMP, and SMTP. Includes NFS and CIFS.

Date/Time

Right to set the date and time.

Local Users

Right to add or delete local users on the system.

Remote Authentication

Right to assign a remote user to a user group and assign a set of rights to the user. Includes configuring remote authentication methods and ordering.

SSH Keys

Right to set SSH keys for authenticating users.

User Menus

Right to create or edit a custom user menu for the CLI.

Reboot & Shutdown

Right to shut down or reboot the SLC.

Firmware & Configuration

Right to upgrade the firmware on the unit and save or restore a configuration (all settings).

Diagnostics & Reports

Rights to obtain diagnostic information and reports about the unit.

SLC Network

Right to view and manage SLCs on the local subnet.

Web Access

Right to access Web-Manager.

Device Ports

Right to enter device port settings. Includes creating bidirectional and unidirectional connections.

PC Card

Right to enter modem settings for PC cards. Includes managing storage PC Cards.

  4. To save, click Apply.

Note: You must reboot the unit before changes will take effect.

See also

Device Ports

User Authentication Methods

Remote User Permissions

Port Access Modes

NIS

LDAP

RADIUS

TACACS+