4 configuring kerberos authentication, Configuring kerberos authentication -9, Configuring kerberos authentication on – Symbol Technologies AP-5131 User Manual

Page 195

Advertising
background image

Configuring Access Point Security

6-9

7.

Click

Cancel

to return to the target WLAN screen without keeping any of the changes made

within the New Security Policy screen.

6.4 Configuring Kerberos Authentication

Kerberos (designed and developed by MIT) provides strong authentication for client/server
applications using secret-key cryptography. Using Kerberos, a client must prove its identity to a server
(and vice versa) across an insecure network connection.

Once a client and server use Kerberos to prove their identity, they can encrypt all communications to
assure privacy and data integrity. Kerberos can only be used on the AP-5131 with Symbol clients.

Kerberos uses the Network Time Protocol (NTP) for synchronizing the clocks of its Key Distribution
Center (KDC) server(s). Use the

NTP Servers

screen to specify the IP addresses and ports of available

NTP servers. Kerberos requires the

Enable NTP on

AP-5131 checkbox be selected for authentication

to function properly. See

Configuring Network Time Protocol (NTP) on page 4-32

to configure the NTP

server.

To configure Kerberos on the AP-5131:

1.

Select

Network Configuration

->

Wireless

->

Security

from the AP-5131 menu tree.

If security policies supporting Kerberos exist, they appear within the

Security

Configuration

screen. These existing policies can be used as is, or their properties edited

by clicking the

Edit

button. To configure a new security policy supporting Kerberos, continue

to step 2.

2.

Click the

Create

button to configure a new policy supporting Kerberos.

The

New Security Policy

screen displays with no authentication or encryption options

selected.

CAUTION Kerberos makes no provisions for host security. Kerberos assumes

that it is running on a trusted host with an untrusted network. If host
security is compromised, Kerberos is compromised as well

NOTE

If 802.11a is selected as the radio used for a specific WLAN, the WLAN
cannot use a Kerberos supported security policy, as no 802.11a clients can
support Kerberos on the AP-5131.

!

Advertising
Popular Brands
Popular manuals