Client Profiles Kerberos Fields
The Kerberos feature in Avalanche allows you to test Kerberos V5 security authentication for NFS, CIFS/SMB, and HTTP/HTTPS protocols. It supports the following Kerberos communication message exchanges:
The Kerberos feature in Avalanche supports the following algorithms:
Use the Kerberos area on the Client Profiles tab to define Kerberos parameters.
NOTES:
- Avalanche supports Kerberos V5 security using the RPCSEC_GSS security flavor. RPCSEC_GSS security is based on a security-mechanism-specific principal name. The GSS-API security mechanism for Kerberos V5 that the RPCSEC_GSS protocol stack uses is described in the Kerberos V5 GSS-API description. See RFCs 2623 and 1964 for more information.
- The following are other RFCs for your reference:
-
- RFC 4120 - The Kerberos Network Authentication Service (V5)
- RFC 4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows
- The Kerberos feature in Avalanche supports IPv4 for NFS, and both IPv4 and IPv6 for CIFS/SMB and HTTP/HTTPS protocols.
- You cannot use NFS Kerberos with CIFSNG or HTTP Kerberos concurrently.
- You should manually synchronize the time between Avalanche and the domain controller before testing.
|
Field |
Description |
Keytab File
|
The filename containing the Kerberos V5 key table, which stores the service keys used as credentials for accepting security contexts.
|
KDC Host IP Address
|
The Kerberos Key Distribution Center (KDC) host IP address. The KDC is a trusted third party consisting of an Authentication Server (AS) and a Ticket Granting Service (TGS).
|
KDC Host Port
|
The Kerberos Key Distribution Center (KDC) host port.
|
TGS Service Principal
|
The Ticket Granting Service (TGS) principal. Specify this field in canonical form, including realm.
NOTES:
-
Kerberos uses the concept of tickets to prove the identity of users. A Kerberos principal is a unique identity to which Kerberos can assign tickets.
-
You specify client and server principals using NFS, CIFSNG, or HTTP Action list syntax.
|
|
Related Information:
Configuring a Client Profile
Testing NFS
Testing CIFSNG/SMB
HTTP/HTTPS Action List Format Examples
© 2024 Spirent Communications, Inc. All Rights Reserved.