Security
Database Configuration
11-12
11.4.2.1 Configuring Kerberos
The Set/Define Authentication Kerberos commands are used for most of the Kerberos configuration options.

1. Ensure that the SCS clock is synchronized with the clock on the Kerberos server. The Kerberos authentication model attaches timestamps to the packets sent between the SCS and the Kerberos server to prevent replay attacks. The SCS timestamp may deviate from the Kerberos server clock by no more than 5 minutes; beyond that, the packet is considered invalid and the authentication attempt fails.

To synchronize the SCS and the Kerberos clock, use the Set/Define IP Timeserver command:

Figure 11-24: Synchronizing the Clocks
Local>> DEFINE IP TIMESERVER 192.0.1.110

2. Designate a precedence number for the Kerberos server.

Figure 11-25: Configuring Kerberos Precedence
Local>> DEFINE AUTHENTICATION KERBEROS PRECEDENCE 2

3. Configure the primary and secondary Kerberos server locations by IP address:

Figure 11-26: Configuring Kerberos Server Locations
Local>> DEFINE AUTHENTICATION KERBEROS PRIMARY 192.0.1.52
Local>> DEFINE AUTHENTICATION KERBEROS SECONDARY 192.0.1.53

4. Configure the realm. The realm is the name of the Kerberos administrative region that defines the scope of client authentication data maintained by a Kerberos server. Most installations choose realm names that mirror their Internet domain name system. To specify the realm, use the Set/Define Authentication Kerberos Realm command.

Figure 11-27: Configuring the Kerberos Realm
Local>> DEFINE AUTHENTICATION KERBEROS REALM "phred.com"

Note: The value for realm is case-sensitive. Enclose this string in quotes to retain case.

5. Configure the principle, instance, and authenticator that enable the Kerberos server to identify the SCS. Principle, instance, and authenticator entries must be configured on the SCS to match the corresponding entries on the Kerberos server.

The default setting for the SCS principle is rcmd; for the SCS instance, the default setting is scs.

The authenticator is the password for the principle/instance pair. It must be defined on both the SCS and the Kerberos server. Either a text string or an eight-byte hexadecimal value may be specified.
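The timestamp rule in step 1 can be seen in a simplified server-side model. This is an added example, not code from the SCS or from any Kerberos server. It goes beyond the text by pairing the 5-minute window with a replay cache, and the class name, client label and times are constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_SKEW = 5 * 60  # seconds; the 5-minute tolerance stated in step 1


@dataclass
class TimestampCheck:
    """Simplified model of the server side: skew window plus replay cache."""
    max_skew: int = MAX_SKEW
    seen: dict = field(default_factory=dict)  # (client, timestamp) -> expiry

    def verify(self, client: str, timestamp: float, server_now: float) -> str:
        # Drop cache entries that are past the window; from then on the
        # skew check alone rejects a packet carrying that timestamp.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= server_now}
        if abs(server_now - timestamp) > self.max_skew:
            return "rejected: clock skew"
        key = (client, timestamp)
        if key in self.seen:
            return "rejected: replay"
        self.seen[key] = timestamp + self.max_skew
        return "accepted"


def demo():
    """Constructed scenario; all times are seconds on the server's clock."""
    kdc = TimestampCheck()
    t0 = 1_000_000.0
    client = "rcmd.scs"  # label built from the default principle and instance
    return [
        kdc.verify(client, t0, t0 + 2),         # clocks in sync
        kdc.verify(client, t0, t0 + 30),        # same packet seen again
        kdc.verify(client, t0 + 400, t0 + 40),  # client clock 6 minutes fast
        kdc.verify(client, t0, t0 + 301),       # captured packet, now too old
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third case is the failure an unsynchronized SCS produces: valid credentials, but the timestamp falls outside the window, so the attempt is refused.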