beautypg.com

Motorola Series Switch WS5100 User Manual

Page 102

background image

4-28 WS5100 Series Switch System Reference Guide

across an insecure network connection. Once a MU and server prove their identity, they can encrypt all
communications to assure privacy and data integrity. Kerberos can only be used on the with Motorola clients.

To configure a Kerberos authentication scheme for a WLAN:

1. Select

Network

>

Wireless LANs

from the main menu tree.

2. Select an existing WLAN from those displayed within the

Configuration

tab.

3. Click the

Edit

button.

A WLAN screen displays with the WLAN’s existing configuration. Refer to the

Authentication

and

Encryption

columns to assess the WLAN’s existing security configuration.

4. Select the

Kerberos

button from within the Authentication field.

5. Click the

Config

button to the right of the Kerberos checkbox. The

Kerberos

screen displays.

6. Specify a case-sensitive

Realm Name

(for example, MOTOROLA.COM).

The realm name is the name domain/realm name of the KDC Server. A realm name functions similarly to
a DNS domain name. In theory, the realm name is arbitrary. However, in practice a Kerberos realm is
named by uppercasing the DNS domain name associated with hosts in the realm.

7. Enter a

Server IP Addr

(IP address) for the Primary and (if necessary) Backup KDC.

Specify a numerical (non-DNS) IP address for the Primary Key Distribution Center (KDC). The KDC
implements an Authentication Service and a Ticket Granting Service, whereby an authorized user is
granted a ticket encrypted with the user's password. The KDC has a copy of every user password
provided. Optionally, specify a numerical (non-DNS) IP address for a backup KDC. Backup KDCs are often
referred to as slave servers.

8. Specify the

Ports

on which the Primary and Backup KDCs reside.

The default port number for Kerberos Key Distribution Centers is port 88.

CAUTION: Kerberos makes no provisions for host security. Kerberos assumes it is
running on a trusted host with an untrusted network. If host security is compromised,
Kerberos is compromised as well

NOTE: Kerberos requires at least one encryption scheme be enabled (WEP 128 or other).
If neither WEP 128 or KeyGuard is enabled, WEP 128 will automatically be enabled for
use with Kerberos.

!