POWER7 information

Configuring a Kerberos client on the Virtual I/O Server

You can configure a Kerberos client on the Virtual I/O Server to enhance security in communications across the Internet.

Before you start, ensure that the Virtual I/O Server is at Version 1.5 or later. To update the Virtual I/O Server, see Updating the Virtual I/O Server.

Kerberos is a network authentication protocol that provides authentication for client and server applications by using secret-key cryptography. It negotiates authenticated, and optionally encrypted, communications between two points anywhere on the Internet. Kerberos authentication generally works as follows:

  1. A Kerberos client sends a request for a ticket to the Key Distribution Center (KDC).
  2. The KDC creates a ticket-granting ticket (TGT) for the client and encrypts it using the client's password as the key.
  3. The KDC returns the encrypted TGT to the client.
  4. The client attempts to decrypt the TGT, using its password.
  5. If the client successfully decrypts the TGT (for example, if the client gives the correct password), the client keeps the decrypted TGT. The TGT indicates proof of the client's identity.
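
The five steps above can be traced in a short simulation. This is an added example, not IBM code and not a real Kerberos implementation: PBKDF2 and an HMAC-based cipher stand in for the Kerberos string-to-key and encryption types, and the principal name, password, and all function names are constructed for illustration. Note that the password is never sent to the KDC; only the ability to decrypt the reply proves the client knows it.

```python
import hashlib, hmac, json, os

def derive_key(password, salt):
    # Long-term key derived from the password (PBKDF2 stands in for Kerberos string-to-key).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode. Not a real Kerberos encryption type.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None  # wrong key (wrong password) or a tampered reply
    return bytes(c ^ s for c, s in zip(ct, _stream(key, nonce, len(ct))))

class KDC:
    def __init__(self):
        self.principals = {}  # principal name -> (salt, long-term key)

    def add_principal(self, name, password):
        salt = os.urandom(16)
        self.principals[name] = (salt, derive_key(password, salt))

    def request_tgt(self, name):
        # Steps 1-3: create a TGT, encrypt it under the client's key, return it.
        salt, key = self.principals[name]
        tgt = json.dumps({"client": name, "session_key": os.urandom(16).hex()}).encode()
        return salt, seal(key, tgt)

def client_login(kdc, name, password):
    # Steps 4-5: decrypt with the typed password; keep the TGT only on success.
    salt, blob = kdc.request_tgt(name)
    plain = unseal(derive_key(password, salt), blob)
    return json.loads(plain) if plain is not None else None

# Constructed sample principal and password, for illustration only.
kdc = KDC()
kdc.add_principal("user@KERBER.COM", "constructed-sample-password")
```

`client_login(kdc, "user@KERBER.COM", "constructed-sample-password")` returns the decrypted TGT as a dictionary, while any other password returns `None` because the integrity check on the reply fails.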

To configure a Kerberos client on the Virtual I/O Server, run the following command.

mkkrb5clnt -c KDC_server -r realm_name \
-s Kerberos_server -d Kerberos_client

Where:
  • KDC_server is the name of the KDC server.
  • realm_name is the name of the realm to which you want to configure the Kerberos client.
  • Kerberos_server is the fully qualified host name of the Kerberos server.
  • Kerberos_client is the domain name of the Kerberos client.

For example:

mkkrb5clnt -c bob.kerberso.com -r KERBER.COM \
-s bob.kerberso.com -d testbox.com

In this example, you configure the Kerberos client, testbox.com, to the Kerberos server, bob.kerberso.com. The KDC is running on bob.kerberso.com.




Last updated: Thu, April 05, 2018