Cisco WS-C4003 Software Guide - Page 387
Mapping a Kerberos Realm to a Host Name or DNS Domain, Copying SRVTAB Files
Chapter 27 Configuring Switch Access Using AAA
Configuring Authentication

This example shows how to define which Kerberos server will serve as the KDC for the specified Kerberos realm and how to clear the entry:

Console> (enable) set kerberos server CISCO.COM 187.0.2.1 750
Kerberos Realm-Server-Port entry set to:CISCO.COM - 187.0.2.1 - 750
Console> (enable)
Console> (enable) clear kerberos server CISCO.COM 187.0.2.1 750
Kerberos Realm-Server-Port entry CISCO.COM-187.0.2.1-750 deleted
Console> (enable)

Mapping a Kerberos Realm to a Host Name or DNS Domain

Optionally, you can map a host name or Domain Name System (DNS) domain to a Kerberos realm. To map a Kerberos realm to either a host name or DNS domain, perform this task in privileged mode:

Step  Task                                                     Command
1     Optionally, map a host name or DNS domain to a           set kerberos realm {dns-domain | host} kerberos-realm
      Kerberos realm.
2     Clear the Kerberos realm domain or host mapping entry.   clear kerberos realm {dns-domain | host} kerberos-realm

This example shows how to map the DNS domain CISCO to the Kerberos realm CISCO.COM and how to clear the entry:

Console> (enable) set kerberos realm CISCO CISCO.COM
Kerberos DnsDomain-Realm entry set to CISCO - CISCO.COM
Console> (enable)
Console> (enable) clear kerberos realm CISCO CISCO.COM
Kerberos DnsDomain-Realm entry CISCO - CISCO.COM deleted
Console> (enable)

Copying SRVTAB Files

To make it possible for remote users to authenticate to the switch using Kerberos credentials, the switch must share a key with the KDC. To allow this configuration, you must give the switch a copy of the file that is stored on the KDC and that contains the key. These files are called SRVTAB files on the switch and KEYTAB files on the servers. The most secure method of copying SRVTAB files to the hosts in your Kerberos realm is to copy them onto physical media and then manually copy the files onto each system.
To copy SRVTAB files to a switch that does not have a physical media drive, you must transfer them through the network by using the Trivial File Transfer Protocol (TFTP). TFTP provides no authentication, integrity protection, or encryption, so the service key in the file is readable by anyone who can observe the transfer; restrict the transfer to a trusted management network and delete the file from the TFTP server afterwards. When you copy the SRVTAB file from the KDC to the switch, the switch parses the information in this file and stores it in the running configuration in the Kerberos SRVTAB entry format. If you enter the SRVTAB directly into the switch, create an entry for each Kerberos principal (service) on the switch. The entries are maintained in the SRVTAB table, which holds a maximum of 20 entries.

78-12647-02 Software Configuration Guide-Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4 27-33
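What the SRVTAB/KEYTAB file actually carries, as an added example that is not part of the Cisco guide: a Python script that builds an MIT-format keytab (file version 0x0502) for a constructed service principal, parses it back, and prints each entry with the key redacted. Every entry holds the realm, the principal components, the key version number (kvno), the encryption type and the raw service key, which is exactly what a TFTP transfer of the file exposes on the wire. The principal host/switch1.cisco.com@CISCO.COM, the key bytes, the timestamp and the kvno are assumptions made up for this example; the file layout is the standard MIT keytab format, not something specific to CatOS.

```python
"""Build and parse an MIT-format Kerberos keytab (file version 0x0502).

Added example, not code from the Cisco guide. It shows what a KEYTAB (SRVTAB
on the switch) carries: realm, principal components, kvno, enctype and the raw
service key, which is what a TFTP transfer of the file exposes on the wire.
Principal names, key bytes, timestamps and kvno below are constructed values.
"""
import struct

KEYTAB_VERSION = 0x0502
ETYPE_NAMES = {1: "des-cbc-crc", 3: "des-cbc-md5", 17: "aes128-cts-hmac-sha1-96",
               18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}


def _counted(b: bytes) -> bytes:
    """Keytab 'counted string': 16-bit big-endian length followed by the bytes."""
    return struct.pack(">H", len(b)) + b


def _read_counted(data: bytes, off: int):
    n, = struct.unpack_from(">H", data, off)
    return data[off + 2:off + 2 + n].decode(), off + 2 + n


def build_keytab(entries) -> bytes:
    """entries: iterable of (principal, kvno, enctype, key, timestamp)."""
    out = bytearray(struct.pack(">H", KEYTAB_VERSION))
    for principal, kvno, enctype, key, ts in entries:
        name, realm = principal.rsplit("@", 1)
        comps = name.split("/")
        body = struct.pack(">H", len(comps)) + _counted(realm.encode())
        for c in comps:
            body += _counted(c.encode())
        # name_type 1 = KRB5_NT_PRINCIPAL, then timestamp and the 8-bit kvno
        body += struct.pack(">IIB", 1, ts, kvno & 0xFF)
        body += struct.pack(">HH", enctype, len(key)) + key
        body += struct.pack(">I", kvno)          # optional 32-bit kvno extension
        out += struct.pack(">i", len(body)) + body
    return bytes(out)


def parse_keytab(data: bytes):
    """Return one dict per live entry. A negative entry size marks a hole left
    by a deleted entry; it is skipped rather than parsed."""
    version, = struct.unpack_from(">H", data, 0)
    if version not in (0x0501, 0x0502):
        raise ValueError(f"unsupported keytab version {version:#06x}")
    has_name_type = version == 0x0502          # 0x0501 files omit the field
    off, entries = 2, []
    while off + 4 <= len(data):
        size, = struct.unpack_from(">i", data, off)
        off += 4
        if size < 0:
            off += -size
            continue
        end = off + size
        ncomp, = struct.unpack_from(">H", data, off)
        off += 2
        realm, off = _read_counted(data, off)
        comps = []
        for _ in range(ncomp):
            c, off = _read_counted(data, off)
            comps.append(c)
        if has_name_type:
            off += 4
        ts, vno8 = struct.unpack_from(">IB", data, off)
        off += 5
        etype, klen = struct.unpack_from(">HH", data, off)
        off += 4
        key = data[off:off + klen]
        off += klen
        vno = vno8
        if end - off >= 4:                     # 32-bit kvno present and nonzero?
            vno32, = struct.unpack_from(">I", data, off)
            vno = vno32 or vno8
        entries.append({"principal": "/".join(comps) + "@" + realm, "kvno": vno,
                        "enctype": etype, "key": key, "timestamp": ts})
        off = end
    return entries


def describe(entry) -> str:
    """Human-readable line with the key redacted (never log keytab keys)."""
    name = ETYPE_NAMES.get(entry["enctype"], f"etype-{entry['enctype']}")
    return (f"{entry['principal']} kvno={entry['kvno']} {name} "
            f"key=<{len(entry['key'])} bytes, redacted>")


# Constructed sample: one service principal with an AES key and a legacy DES key.
SAMPLE_KEY = bytes(range(32))          # not a real key
SAMPLE_KEYTAB = build_keytab([
    ("host/switch1.cisco.com@CISCO.COM", 3, 18, SAMPLE_KEY, 1_000_000_000),
    ("host/switch1.cisco.com@CISCO.COM", 3, 1, bytes(8), 1_000_000_000),
])
# Same file with a 4-byte hole (deleted entry) inserted after the header.
KEYTAB_WITH_HOLE = SAMPLE_KEYTAB[:2] + struct.pack(">i", -4) + bytes(4) + SAMPLE_KEYTAB[2:]

if __name__ == "__main__":
    for e in parse_keytab(SAMPLE_KEYTAB):
        print(describe(e))
```

Running the script lists the two entries with their key lengths but never the key bytes; that is the form in which a keytab should appear in logs or change records. A keytab deployed to a switch should contain only the switch's own service principal (one entry per enctype), since every key in the file is usable by whoever obtains it.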