HP Integrity rx2800 System Management Homepage User Guide - Page 51

Kerberos Authentication Category



To import a certificate to the trusted certificates list:
1. Select Settings from the menu.
2. In the System Management Homepage box, click the Security link.
3. Click the Trusted Management Servers link.
4. In the Add Certificate area, click the Import Certificate Data radio button.
5. Copy and paste the Base64-encoded certificate into the textbox.
6. Click Import.

To add a certificate from a server:
1. Select Settings from the menu.
2. In the System Management Homepage box, click the Security link.
3. Click the Trusted Management Servers link.
4. In the Add Certificate From Server area, click the Add Certificate From Server radio button.
5. In the Server Name textbox, enter the IP address or server name of the HP SIM server.
6. Click Add.
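Whatever is imported into the Trusted Management Servers list is afterwards treated as a trusted management server, so the pasted Base64 data deserves a check before you click Import: that it is well-formed certificate data, that it was not truncated in the copy-and-paste, and that its fingerprint matches the one obtained out of band from the HP SIM administrator. (The Add Certificate From Server option retrieves whatever certificate is presented at the address you type, so comparing the fingerprint afterwards is just as worthwhile there.) The following Python is an added example, not code from the guide or from HP. The validation is generic: it extracts the PEM block (or accepts bare Base64), strips line wrapping and indentation that copying from a browser or terminal introduces, Base64-decodes strictly, checks that the outer ASN.1 SEQUENCE length matches the decoded size, and prints fingerprints to compare against whatever digest your management server displays. The sample below is a constructed five-byte SEQUENCE standing in for a real certificate, not a real certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)

# Constructed stand-in for pasted data: SEQUENCE { INTEGER 1 } = 30 03 02 01 01, not a real certificate.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
MAMCAQE=
-----END CERTIFICATE-----"""


def der_sequence_length(der: bytes) -> int:
    """Total length (header plus content) of the outer ASN.1 SEQUENCE, or ValueError."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("DER does not start with a SEQUENCE tag; this is not a certificate")
    first = der[1]
    if first < 0x80:                 # short form: the byte is the content length
        return 2 + first
    num_bytes = first & 0x7F         # long form: the next num_bytes bytes hold the content length
    if num_bytes == 0 or len(der) < 2 + num_bytes:
        raise ValueError("malformed DER length field")
    return 2 + num_bytes + int.from_bytes(der[2:2 + num_bytes], "big")


def fingerprint(der: bytes, algorithm: str) -> str:
    """Colon-separated upper-case hex digest of the DER bytes, as certificate viewers show it."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_pasted_certificate(text: str) -> dict:
    """Validate copy-pasted certificate data and return its fingerprints, or a reason it was rejected."""
    match = PEM_BLOCK.search(text)
    body = match.group(1) if match else text          # accept a bare Base64 body as well
    try:
        der = base64.b64decode(re.sub(r"\s+", "", body), validate=True)
        expected = der_sequence_length(der)
    except (binascii.Error, ValueError) as exc:
        return {"ok": False, "error": f"not valid certificate data: {exc}"}
    if expected != len(der):
        return {"ok": False, "error": f"DER length mismatch: header says {expected} bytes, "
                                      f"got {len(der)} (truncated paste or trailing data)"}
    return {"ok": True, "error": None, "der_length": len(der),
            "sha256": fingerprint(der, "sha256"), "sha1": fingerprint(der, "sha1")}


if __name__ == "__main__":
    result = check_pasted_certificate(SAMPLE_PEM)
    print(result["error"] if not result["ok"] else f"SHA-256 {result['sha256']}\nSHA-1   {result['sha1']}")
```

Paste the text exactly as you intend to import it; a result with `ok` set to False means the import would either fail or, worse, succeed with data you did not intend to trust.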
Kerberos Authentication Category
Kerberos is a trusted third-party network authentication protocol for client/server applications, developed at MIT, that is based on secret-key cryptography. Kerberos allows hosts and users to authenticate to each other and confirm each other's identity.
One primary use of Kerberos is to offer Single Sign-On (SSO) on secure networks. In a Kerberos environment, users usually log in only once at the start of a session, acquiring Kerberos credentials that are then used transparently to log in to the other available services, such as SSH, FTP, and authenticated web sessions.
A Kerberos domain is called a realm and is written in all capital letters. For example, the Kerberos realm for smhkerberos.com is SMHKERBEROS.COM.
Principals are the users and services/hosts present in a Kerberos realm that are allowed to authenticate to each other. A user has a principal name of the form user@REALM, and a service has a principal name of the form service/FQDN@REALM (for example, HTTP/FQDN@REALM for a web service or host/FQDN@REALM for the host itself).
Kerberos Authentication Procedure
The following outlines the process when a user accesses secure services in a Kerberos realm.
The first part occurs only when the user initially logs in to a Kerberos realm and makes the first access to a Kerberos-secured service:
1. The user logs in to the system (client) using his or her domain username and password.
2. The user's secret key is derived from the password with a string-to-key function (in the simplest case, a hash of the password). The password itself is never sent over the network.
3. When the user tries to access a service, a message informs the Authentication Server (AS) that the user wants to access that service.
4. If the user is in the AS database, two messages are sent back to the client:
a. A Client/TGS session key, encrypted with the user's secret key, which is used in the subsequent communication with the Ticket-Granting Server (TGS).
b. A Ticket-Granting Ticket (TGT), encrypted with the secret key of the TGS. A ticket is used in Kerberos to prove one's identity. The TGT allows the client to obtain other tickets for communication with network services.
5. Upon receiving these two messages, the client decrypts the message containing the Client/TGS session key. The client cannot decrypt the TGT; it keeps it and presents it unchanged.
The following process occurs every time the user wants to authenticate to a service:
1. When the user requests a service, the client sends two messages to the TGS:
• A message composed of the TGT and the name of the requested service
• An authenticator, made up of the client's ID and the current timestamp, encrypted with the Client/TGS session key received before
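The exchange described above, carried through as an added example that is not part of the guide or of any HP or MIT code: both sides of the initial AS exchange (steps 1 to 5) and the start of the per-service exchange (the TGT plus authenticator the client sends), followed by what the TGS does with those two messages on receipt, which goes beyond what this page shows. The realm SMHKERBEROS.COM is the one the guide uses; the user alice, her password, the TGS key, the service name HTTP/smh.smhkerberos.com and all timestamps are constructed. The password-to-key step follows the PBKDF2 form Kerberos AES enctypes use (salt is REALM plus principal name), but the ticket encryption is a toy encrypt-then-MAC construction standing in for a real enctype, chosen only because Python's standard library has no AES.

```python
import hashlib
import hmac
import json
import secrets

REALM = "SMHKERBEROS.COM"          # realm from the guide; all keys and names below are constructed
TGS_PRINCIPAL = "krbtgt/" + REALM  # the TGS's own principal, which owns the key the TGT is sealed under


def string_to_key(password: str, realm: str, principal: str, iterations: int = 4096) -> bytes:
    """Step 2: derive the user's long-term key from the password. Kerberos AES enctypes use
    PBKDF2-HMAC-SHA1 with salt = REALM + principal (RFC 3962), then a DK() step omitted here."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), (realm + principal).encode(), iterations, 32)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: a toy stream cipher standing in for a real Kerberos enctype."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a small JSON message under key (toy stand-in for Kerberos encryption)."""
    plaintext = json.dumps(obj, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    """Inverse of seal(); raises ValueError when the key is wrong or the message was altered."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ciphertext, keystream(key, nonce, len(ciphertext)))))


# Constructed KDC database: one user (key derived from a sample password) and the TGS's key.
KDC_DB = {
    "alice": string_to_key("correct horse battery staple", REALM, "alice"),
    TGS_PRINCIPAL: secrets.token_bytes(32),
}


def as_exchange(user: str, now: int, lifetime: int = 10 * 3600):
    """Steps 3-4 on the AS: answer with (a) the Client/TGS session key sealed under the user's
    key and (b) a TGT sealed under the TGS's key. Returns None for an unknown principal."""
    if user not in KDC_DB:
        return None
    session_key = secrets.token_bytes(32).hex()
    msg_a = seal(KDC_DB[user], {"session_key": session_key, "tgs": TGS_PRINCIPAL})
    tgt = seal(KDC_DB[TGS_PRINCIPAL], {"client": user, "session_key": session_key,
                                       "authtime": now, "endtime": now + lifetime})
    return msg_a, tgt


def client_login(user: str, password: str, now: int):
    """Steps 1, 2 and 5 on the client: derive the key, open message (a), keep the TGT opaque.
    Returns None when message (a) cannot be opened, i.e. the password (hence the key) is wrong."""
    reply = as_exchange(user, now)
    if reply is None:
        return None
    msg_a, tgt = reply
    try:
        creds = unseal(string_to_key(password, REALM, user), msg_a)
    except ValueError:
        return None
    return {"session_key": bytes.fromhex(creds["session_key"]), "tgt": tgt}


def build_tgs_req(creds: dict, user: str, service: str, now: int):
    """Per-service step 1: the two messages the client sends to the TGS."""
    authenticator = seal(creds["session_key"], {"client": user, "timestamp": now})
    return {"tgt": creds["tgt"], "service": service}, authenticator


def tgs_check(msg: dict, authenticator: bytes, now: int, max_skew: int = 300):
    """What the TGS does on receipt (beyond what this page shows): open the TGT with its own
    key, then open the authenticator with the session key found inside the TGT."""
    try:
        tgt = unseal(KDC_DB[TGS_PRINCIPAL], msg["tgt"])
        auth = unseal(bytes.fromhex(tgt["session_key"]), authenticator)
    except ValueError as exc:
        return False, str(exc)
    if not tgt["authtime"] <= now < tgt["endtime"]:
        return False, "TGT expired"
    if auth["client"] != tgt["client"]:
        return False, "authenticator principal does not match the TGT"
    if abs(auth["timestamp"] - now) > max_skew:
        return False, "authenticator timestamp outside the allowed clock skew (stale or replayed)"
    return True, f"{tgt['client']} may be issued a ticket for {msg['service']}"
```

Two points the prose leaves implicit are visible here: the client never learns the TGS key, so the TGT it forwards is opaque to it and any alteration is caught by the TGS; and because the user's key is derived from the password, a reply sealed under that key is only as strong as the password, which is why the timestamped authenticator and a tight clock-skew window matter for keeping captured messages from being replayed.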