HP ProLiant DL288 ISS Technology Focus, Volume 10, Number 1 - Page 4

Kerberos technology with HP Integrated Lights-Out 3 version 1.2


Resource: HP Power Capping and Dynamic Power Capping for ProLiant Servers
URL: http://h20000.www2.hp.com/bc/docs/support/SupportManual/c01549455/c01549455.pdf?jumpid=reg_R1002_USEN

Resource: VMware Knowledge Base article on ESX virtual machine performance and hardware power management
URL: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1018206

Kerberos technology with HP Integrated Lights-Out 3 version 1.2

HP Integrated Lights-Out 3 (iLO 3) firmware version 1.2 supports Kerberos technology as a protocol for network authentication. MIT (Massachusetts Institute of Technology) developed the Kerberos authentication protocol to address the following network security issues for client/server applications:

  • Some client/server applications send unencrypted passwords over the network, making them extremely vulnerable to malicious hackers who use tools to "sniff" passwords off the network.
  • Some applications rely on the client to deny access to unauthorized users without enforcement by the server.
  • Firewalls may protect networks from outside malicious attacks, but they ignore the damage that "insiders" can inflict on networks.

Kerberos enables a client to prove its identity to a server (and vice versa) across an insecure network connection by using secret-key cryptography. In secret-key cryptography, the client and server agree on a single secret key. Kerberos can use OS two-factor authentication, if configured, requiring the user to provide two means of identification. After the client and server use Kerberos for identification, all communications between them are authenticated and encrypted to assure privacy and data integrity.

After authentication in a Microsoft® Windows® environment, a user obtains a "ticket" from the login domain. With this ticket, the user can access authorized devices, like iLO, and does not have to re-enter login credentials as they move from one iLO device to another. You can manage user access from a centralized location. All of this lowers IT costs.

In a Linux environment, you must configure Lightweight Directory Access Protocol (LDAP) for authorization to access iLO 3.

The Kerberos part of an iLO 3 solution includes two components:

  • Kerberos with Generic Security Services Application Programming Interface (GSSAPI): GSSAPI is part of the Kerberos client. It standardizes the interface between Kerberos (and other providers) and higher-level software.
  • Simple and Protected GSSAPI Negotiation (SPNEGO): SPNEGO is part of the Windows client. It provides negotiation for NT LAN Manager (NTLM) or Kerberos through HTTP headers.

The additional resources below provide further information on Kerberos technology.

Additional resources

Resource: For more information on MIT and Kerberos
URL: http://web.mit.edu/kerberos/

Resource: For details on Windows 2000 Kerberos Authentication
URL: http://technet.microsoft.com/en-us/library/bb742431.aspx

Resource: For more information on SPNEGO
URL: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/http-sso-2.asp
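The SPNEGO negotiation through HTTP headers described above can be inspected on the server or in a proxy log to see whether a client offered Kerberos or fell back to NTLM. The following is an added example, not HP's or iLO's code: it parses the value of an `Authorization: Negotiate` header as defined by the HTTP Negotiate and SPNEGO specifications (RFC 4559, RFC 4178). The function names and the sample token are constructed for illustration.

```python
import base64

# DER-encoded OID contents of the well-known mechanisms (dotted form in comments).
SPNEGO = bytes.fromhex("2b0601050502")                      # 1.3.6.1.5.5.2
MECHS = {bytes.fromhex("2a864886f712010202"): "Kerberos",   # 1.2.840.113554.1.2.2
         bytes.fromhex("2b06010401823702020a"): "NTLM"}     # 1.3.6.1.4.1.311.2.2.10

def tlv(buf, pos=0):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def offered_mechs(header_value):
    """Mechanisms offered in an Authorization header value, in preference order.
    Unknown mechanisms are returned as the hex of their OID bytes."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        raise ValueError("not a Negotiate credential")
    tok = base64.b64decode(b64)
    if tok.startswith(b"NTLMSSP\x00"):       # bare NTLM message, no SPNEGO wrapper
        return ["NTLM"]
    try:
        tag, body, _ = tlv(tok)
        if tag != 0x60:                      # GSS-API InitialContextToken
            raise ValueError("not an initial GSS-API token")
        _, mech, pos = tlv(body)
        if mech != SPNEGO:                   # bare mechanism token, e.g. raw Kerberos
            return [MECHS.get(mech, mech.hex())]
        value = body[pos:]
        for _ in range(4):   # [0] negTokenInit > SEQUENCE > [0] mechTypes > SEQUENCE OF OID
            value = tlv(value)[1]
        out, p = [], 0
        while p < len(value):
            _, raw, p = tlv(value, p)
            out.append(MECHS.get(raw, raw.hex()))
        return out
    except IndexError:
        raise ValueError("truncated token") from None

def ntlm_only(header_value):
    """True when the client offered no Kerberos mechanism (NTLM fallback)."""
    return "Kerberos" not in offered_mechs(header_value)

# Constructed sample: negTokenInit listing Kerberos, then NTLM (mechToken omitted).
SAMPLE = "Negotiate " + base64.b64encode(bytes.fromhex(
    "602706062b0601050502a01d301ba019301706092a864886f712010202"
    "060a2b06010401823702020a")).decode()
```

`offered_mechs(SAMPLE)` lists Kerberos first and NTLM second; a header for which `ntlm_only` is true indicates a client that could not obtain a Kerberos ticket for the service.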
