Web Manager “Config” Menu Options > Configuring Authentication > Configuring a Kerberos Authentication Server

Configuring a Kerberos Authentication Server
When the administrative user goes to Config Æ Authentication and selects Kerberos from the “Authentication Type” pull-down menu, the fields shown in the following figure appear. If a Kerberos authentication server has not previously been configured, the fields are empty.
Config Æ Authentication: Kerberos
If the Kerberos authentication server (which is also referred to as a Key Distribution Center, or KDC) has previously been configured in either of the authentication configuration screens, the fields are filled in with the previously-configured values.
Before configuring a Kerberos server, the administrative user must obtain the needed information from the server’s administrator. The administrative user enters the information in the following two fields, which display when the Kerberos authentication type is selected:
Caution! The Kerberos KDC rejects tickets when the timestamp on an authentication request from a host is not within the maximum clock skew time specified in the KDC’s hdc.conf file. Therefore, it is essential for the time on the OnBoard to be synchronized with the time on the KDC.
To Configure a Kerberos Authentication Server
Perform this procedure to configure an authentication server when the OnBoard or any of its connected devices is to use the Kerberos authentication method or any of its variations (Kerberos, Local/Kerberos, Kerberos/Local, or Kerberos Down/Local).
Before starting this procedure, gather the following information from the Kerberos server’s administrator:
Also, work with the Kerberos server’s administrator to ensure that following types of accounts are set up on the Kerberos server and that the administrators of the OnBoard and connected devices know the passwords assigned to the accounts:
If Kerberos authentication is specified for the OnBoard, accounts for all users who need to log into the OnBoard to administer connected devices.
1.
2.
a.
Go to Network Æ Host Table.
The “Host Table” form appears.
b.
i.
ii.
iii.
iv.
v.
vi.
3.
Make sure that timezone and time and date settings are synchronized between the OnBoard and on the Kerberos server.
Note: Kerberos authentication depends on time synchronization. Time and date synchronization is most easily achieved by setting both the OnBoard and the Kerberos server to use the same NTP server.
a.
b.
Work with the authentication server’s administrator to synchronize the time and date between the OnBoard and the server.
4.
Go to Config Æ Authentication and select Kerberos from the “Authentication Type” pull-down menu.
The Kerberos configuration fields display.
5.
6.
7.

Web Manager “Config” Menu Options > Configuring Authentication > Configuring a Kerberos Authentication Server