HP ProLiant SL160s ISS Technology Focus, Voume 10, Number 1 - Page 4
Kerberos technology with HP Integrated Lights-Out 3 version 1.2
View all HP ProLiant SL160s manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 4 highlights
Resource HP Power Capping and Dynamic Power Capping for ProLiant Servers VMware Knowledge Base article on ESX virtual machine performance and hardware power management URL http://h20000.www2.hp.com/bc/docs/support/SupportMan ual/c01549455/c01549455.pdf?jumpid=reg_R1002_USEN http://kb.vmware.com/selfservice/microsites/search.do?lang uage=en_US&cmd=displayKC&externalId=1018206 Kerberos technology with HP Integrated Lights-Out 3 version 1.2 HP Integrated Lights-Out 3 (iLO 3) firmware version 1.2 supports Kerberos technology as a protocol for network authentication. MIT (Massachusetts Institute of Technology) developed the Kerberos authentication protocol to address the following network security issues for client/server applications: Some client/server applications send unencrypted passwords over the network, making them extremely vulnerable to malicious hackers who use tools to "sniff" passwords off the network. Some applications rely on the client to deny access to unauthorized users without enforcement by the server. Firewalls may protect networks from outside malicious attacks, but they ignore the damage that ―insiders‖ can inflict on networks. Kerberos enables a client to prove its identity to a server (and vice versa) across an insecure network connection by using secret-key cryptography. In secret-key cryptography, the client and server agree on a single secret key. Kerberos can use OS two-factor authentication, if configured, requiring the user to provide two means of identification. After they use Kerberos for identification, all communications between them are authenticated and encrypted to assure privacy and data integrity. After authentication in a Microsoft® Windows® environment, a user obtains a ―ticket‖ from the login domain. With this ticket, the user can access authorized devices, like iLO, and does not have to re-enter login credentials as they move from one iLO device to another. You can manage user access from a centralized location. All of this lowers IT costs. In a Linux environment, you must configure Lightweight Directory Access Protocol (LDAP) for authorization to access iLO 3. The Kerberos component of an iLO 3 solution includes two components: Kerberos with Generic Security Services Application Programming Interface (GSSAPI)-GSSAPI is part of the Kerberos client. It standardizes the interface between Kerberos (and other providers) and higher-level software. Simple and Protected GSSAPI Negotiation (SPNEGO)-SPNEGO is part of the Windows client. It provides negotiation for NT LAN Manager (NTLM) or Kerberos through HTTP headers. The additional resources below provide further information on Kerberos technology. Additional resources Resource For more information on MIT and Kerberos For details on Windows 2000 Kerberos Authentication For more information on SPNEGO URL http://web.mit.edu/kerberos/ http://technet.microsoft.com/en-us/library/bb742431.aspx http://msdn.microsoft.com/library/default.asp?url=/library/enus/dnsecure/html/http-sso-2.asp 4