You can configure a Kerberos client on the Virtual I/O Server to
enhance security in communications across the Internet.
Kerberos is a network authentication protocol that provides authentication
for client and server applications by using secret-key cryptography. It
negotiates authenticated, and optionally encrypted, communications between
two points anywhere on the Internet. Kerberos authentication generally works
as follows:
- A Kerberos client sends a request for a ticket to the Key Distribution
Center (KDC).
- The KDC creates a ticket-granting ticket (TGT) for the client and encrypts
it using the client's password as the key.
- The KDC returns the encrypted TGT to the client.
- The client attempts to decrypt the TGT, using its password.
- If the client successfully decrypts the TGT (for example, if the client
gives the correct password), the client keeps the decrypted TGT. The TGT indicates
proof of the client's identity.
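The five steps above as a small simulation, added here as an illustration and not taken from the Virtual I/O Server or any Kerberos implementation. It follows the simplified flow described on this page; the principal name, the PBKDF2 key derivation and the HMAC-based stand-in cipher are assumptions chosen so that it runs with the Python standard library only.

```python
import hashlib
import hmac
import json
import secrets

REALM = "KERBER.COM"                 # realm name from the page's example
PRINCIPAL = "viosadmin@" + REALM     # hypothetical principal (constructed)

def string_to_key(password, principal):
    # Both sides derive the same long-term key; the password itself is never sent.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 4096)

def _keystream(key, nonce, length):
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not a Kerberos enctype.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                  # wrong key: integrity check fails
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class KDC:
    def __init__(self):
        self.keys = {}               # principal -> key derived from its password

    def add_principal(self, principal, password):
        self.keys[principal] = string_to_key(password, principal)

    def issue_tgt(self, principal):
        # Steps 2-3: build the TGT and return it encrypted under the client's key.
        tgt = {"client": principal, "service": "krbtgt/" + REALM,
               "session_key": secrets.token_hex(16)}
        return seal(self.keys[principal], json.dumps(tgt).encode())

def client_login(kdc, principal, password):
    reply = kdc.issue_tgt(principal)                            # step 1: request
    plain = unseal(string_to_key(password, principal), reply)   # step 4: decrypt
    return json.loads(plain) if plain is not None else None     # step 5: keep TGT
```

With the correct password `client_login` returns the decrypted TGT; with any other password the integrity check fails and it returns `None`.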
To configure a Kerberos client on the Virtual I/O Server,
run the following command:

    mkkrb5clnt -c KDC_server -r realm_name \
        -s Kerberos_server -d Kerberos_client

Where:
- KDC_server is the name of the KDC server.
- realm_name is the name of the realm to which you want
to configure the Kerberos client.
- Kerberos_server is the fully qualified host name of
the Kerberos server.
- Kerberos_client is the domain name of the Kerberos
client.
For example:

    mkkrb5clnt -c bob.kerberso.com -r KERBER.COM \
        -s bob.kerberso.com -d testbox.com

In this example, you configure the Kerberos client, testbox.com, to the Kerberos
server, bob.kerberso.com. The KDC is running on bob.kerberso.com.