User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding AAA Server and Server Group Objects
Field Reference
AAA Server Dialog Box—Kerberos Settings
Use the Kerberos settings in the AAA Server dialog box to configure a Kerberos AAA server object.
Note: This type of AAA server can be configured only on ASA, PIX 7.x+, and FWSM 3.1+ devices.
Navigation Path
Go to the Add or Edit AAA Server Dialog Box, page 6-30, and select Kerberos in the Protocol field.
Related Topics
Creating AAA Server Objects, page 6-29
Understanding AAA Server and Server Group Objects, page 6-24
AAA Server Group Dialog Box, page 6-46
Field Reference
Table 6-9 AAA Server Dialog Box—TACACS+ Settings
Element / Description
Key, Confirm
    The shared secret that is used to encrypt data between the client and the AAA server. The key is a case-sensitive, alphanumeric string of up to 127 characters (U.S. English). Spaces and special characters are permitted.
    The key you define in this field must match the key on the TACACS+ server. Enter the key again in the Confirm field.
    Note the following:
    - Activity validation fails if you try defining a key with a space on a PIX, ASA, or FWSM device.
    - If you do not define a key, all traffic between the AAA server and its AAA clients is sent unencrypted.
Server Port
    The port used for communicating with the AAA server. The default is 49.
Table 6-10 AAA Server Dialog Box—Kerberos Settings
Element / Description
Server Port
    The port used for communicating with the AAA server. The default is 88.
Kerberos Realm Name
    The name of the realm containing the Kerberos authentication server and ticket granting server (maximum of 64 characters, typically all uppercase). For example, EXAMPLE.COM.
Retry Interval
    The interval between attempts to contact the AAA server. Values range from 1 to 10 seconds.
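
The limits in Tables 6-9 and 6-10 can be checked before submission with a small lint over AAA server object definitions. This is an added example, not part of the Cisco guide; the dict layout, field names, severity labels and sample objects are assumptions constructed for illustration.

```python
# Added example, not Cisco code. Field names and the dict layout are
# assumptions for illustration; they are not a Security Manager export format.
# Only the two protocols covered by Tables 6-9 and 6-10 are handled.
KEY_MAX, REALM_MAX = 127, 64
NO_SPACE_DEVICES = {"PIX", "ASA", "FWSM"}
DEFAULT_PORT = {"TACACS+": 49, "Kerberos": 88}

def lint_aaa_server(obj):
    """Return (severity, message) findings for one AAA server object."""
    findings = []
    proto = obj["protocol"]
    port = obj.get("port", DEFAULT_PORT[proto])
    if port != DEFAULT_PORT[proto]:
        findings.append(("info", f"non-default server port {port}"))
    if proto == "TACACS+":
        key = obj.get("key") or ""
        if not key:
            findings.append(("high", "no key: traffic to AAA clients is unencrypted"))
        if len(key) > KEY_MAX:
            findings.append(("error", f"key longer than {KEY_MAX} characters"))
        if " " in key and obj.get("device_type") in NO_SPACE_DEVICES:
            findings.append(("error", "key contains a space: activity validation fails"))
    elif proto == "Kerberos":
        realm = obj.get("realm", "")
        if len(realm) > REALM_MAX:
            findings.append(("error", f"realm longer than {REALM_MAX} characters"))
        if realm != realm.upper():
            findings.append(("warn", "realm is not all uppercase"))
        retry = obj.get("retry_interval")
        if retry is not None and not 1 <= retry <= 10:
            findings.append(("error", "retry interval outside 1-10 seconds"))
    return findings

# Constructed sample objects (not taken from any real deployment).
SAMPLE_OBJECTS = [
    {"name": "tac-no-key", "protocol": "TACACS+", "device_type": "ASA", "key": ""},
    {"name": "tac-space", "protocol": "TACACS+", "device_type": "FWSM", "key": "two words"},
    {"name": "krb-ok", "protocol": "Kerberos", "realm": "EXAMPLE.COM", "retry_interval": 5},
    {"name": "krb-bad", "protocol": "Kerberos", "port": 8888, "realm": "example.com",
     "retry_interval": 30},
]

def lint_all(objects):
    """Map object name -> findings, keeping only objects with findings."""
    results = {o["name"]: lint_aaa_server(o) for o in objects}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, found in lint_all(SAMPLE_OBJECTS).items():
        for severity, message in found:
            print(f"{name}: [{severity}] {message}")
```

The missing-key case is rated highest because it is the only one that silently degrades security rather than failing validation.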