This document explains one of the steps to configure the Cisco Information Server (CIS) for Kerberors authentication.This step is discussed in the "Configuring CIS Server for JGSS Kerberos SSO" section in the CIS Administration Guide.
How is the Kerberos Configuration File used in CIS?
Before you use any of the Kerberos network programs, you must authenticate the user to the Key Distribution Center (KDC). KDC generates a Ticket-Granting Ticket (TGT) for the user.
TGT performs two functions:
It proves your identity.
It lets you obtain additional tickets, which give you permission for additional services.
The Kerberos Configuration File can be named krb.conf (on Linux) or ini (on Microsoft Windows). This file contains client configuration information, which includes:
The locations of KDCs and admin servers for the Kerberos realms of interest.
Defaults for the current realm and for Kerberos applications.
Mappings of hostnames onto Kerberos realms.
The Kerberos kinit program forwards a request for a TGT to the KDC. The KDC then encrypts the TGT with your password and sends the encrypted TGT back to you. At your local client, you type your password, and Kerberos decrypts the TGT and keeps it until the expiration time. klist lists the ticket.
Verify the Customer Setup
Here are some commands you can use in order to verify that the customer setup is correct on the server side:
kinit: This command is used in order to obtain and cache Kerberos TGT. For more details, refer to the kinit article.
klist: This command examines the Kerberos credential cache. It has several options available. For details, refer to the klist article.