Configuration Examples for Kerberos
Example: Defining a Kerberos Realm
To define CISCO.COM as the default Kerberos realm, use the following command:
kerberos local-realm CISCO.COM
To tell the device that the CISCO.COM KDC is running on host 10.2.3.4 at port number 170, use the following
Kerberos command:
kerberos server CISCO.COM 10.2.3.4 170
To map the DNS domain cisco.com to the Kerberos realm CISCO.COM, use the following command:
kerberos realm.cisco.com CISCO.COM
Example: Copying a SRVTAB File
To copy over the SRVTAB file on a host named host123.cisco.com for a device named device1.cisco.com,
the command would look like this:
kerberos srvtab remote host123.cisco.com device1.cisco.com-new-srvtab
Example: Configuring Kerberos
This section provides a typical non-Kerberos device configuration and shows output for this configuration
from the
write term
command, then builds on this configuration by adding optional Kerberos functionality.
Output for each configuration is presented for comparison against the previous configuration.
This example shows how to use the kdb5_edit program to perform the following configuration tasks:
•
Adding user chet to the Kerberos database
•
Adding a privileged Kerberos instance of user chet (chet/admin) to the Kerberos database
•
Adding a restricted instance of chet (chet/restricted) to the Kerberos database
•
Adding workstation chet-ss20.cisco.com
•
Adding device chet-2500.cisco.com to the Kerberos database
•
Adding workstation chet-ss20.cisco.com to the Kerberos database
•
Extracting SRVTABs for the device and workstations
•
Listing the contents of the KDC database (with the
ldb
command)
In this sample configuration, host chet-ss20 is also the KDC:
Note
chet-ss20#
sbin/kdb5_edit
kdb5_edit:
ank chet
Enter password:
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
992
Configuration Examples for Kerberos
Summary of Contents for Catalyst 2960 Series
Page 96: ......
Page 196: ......
Page 250: ......
Page 292: ......
Page 488: ......
Page 589: ...P A R T VI Cisco Flexible NetFlow Configuring NetFlow Lite page 509 ...
Page 590: ......
Page 619: ...P A R T VII QoS Configuring QoS page 539 Configuring Auto QoS page 645 ...
Page 620: ......
Page 750: ......
Page 1604: ......
Page 1740: ......
Page 2105: ...P A R T XII Configuring Cisco IOS IP SLAs Configuring Cisco IP SLAs page 2025 ...
Page 2106: ......
Page 2118: ......
Page 2164: ......