Cisco Systems 3130

7-33

Cisco Catalyst Blade Switch 3130 for Dell Software Configuration Guide

OL-13270-01

Chapter7 Configuring Switch-Ba sed Authentication Controlling Switch Access with Kerberos

In this software release, Kerberos supports these network services:

•Telne t

•rlogin

•rsh (Remote Shell Protocol)

Table 7 -2 lists the common Kerberos-related terms and definitions:

Table7-2 Kerberos Terms

Term Definition

Authentication A process by which a user or service identifies itself to another service.

For example, a client can authenticate to a switch or a switch can

authenticate to another switch.

Authorization A means by which the switch identifies what privileges the user has in a

network or on the switch and what actions the user can perform.

Credential A general term that refers to authentication tickets, such as TGTs1 and

service credentials. Kerberos credential s ve rif y t h e id en t ity of a u ser o r

service. If a network service decides to trust the Kerberos server that

issued a ticket, it can be used in place of re-entering a username and

password. Credentials have a default lifespan of eight hours.

Instance An authorization level label for Kerberos principals. Most Kerberos

principals are of the form user@REALM (for example,

smith@EXAMPLE.COM). A Kerberos principal with a Kerberos

instance has the form user/instance@REALM (for example,

smith/admin@EXAMPLE.COM). The Kerberos instance can be used to

specify the authorization level for the user if authentication is successful.

The server of each network service might implement and enforce the

authorization mappings of Kerberos instances but is not required to do so.

Note The Kerberos principal and instance names must be in all

lowercase characters.

Note The Kerberos realm name must be in all uppercase characters.

KDC2Key distribution center that consists of a Kerberos server and database

program that is running on a network host.

Kerberized A term that describes applications and services that have been modified

to support the Kerberos credential infrastructure.

Kerberos realm A domain consisting of users, hosts, and network services that are

registered to a Kerberos server. The Kerberos server is trusted to verify

the identity of a user or network service to another user or network

service.

Note The Kerberos realm name must be in all uppercase characters.

Kerberos server A daemon that is running on a network host. Users and network services

the Kerberos server to authenticate to other network services.