Client Profiles Kerberos Fields
Click here to see this page in full context

Spirent Avalanche 5.46 February 29, 2024

Client Profiles Kerberos Fields

The Kerberos feature in Avalanche allows you to test Kerberos V5 security authentication for NFS, CIFS/SMB, and HTTP/HTTPS protocols. It supports the following Kerberos communication message exchanges:

 The Kerberos feature in Avalanche supports the following algorithms:

Use the Kerberos area on the Client Profiles tab to define Kerberos parameters.

NOTES:

  • Avalanche supports Kerberos V5 security using the RPCSEC_GSS security flavor. RPCSEC_GSS security is based on a security-mechanism-specific principal name. The GSS-API security mechanism for Kerberos V5 that the RPCSEC_GSS protocol stack uses is described in the Kerberos V5 GSS-API description. See RFCs 2623 and 1964 for more information.
  • The following are other RFCs for your reference:
    • RFC 4120 - The Kerberos Network Authentication Service (V5)
    • RFC 4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows
  • The Kerberos feature in Avalanche supports IPv4 for NFS, and both IPv4 and IPv6 for CIFS/SMB and HTTP/HTTPS protocols.
  • You cannot use NFS Kerberos with CIFSNG or HTTP Kerberos concurrently.
  • You should manually synchronize the time between Avalanche and the domain controller before testing.
Field Description

Keytab File

The filename containing the Kerberos V5 key table, which stores the service keys used as credentials for accepting security contexts.

NOTE: You must load the specified file as a content file.

KDC Host IP Address

The Kerberos Key Distribution Center (KDC) host IP address. The KDC is a trusted third party consisting of an Authentication Server (AS) and a Ticket Granting Service (TGS).

KDC Host Port

The Kerberos Key Distribution Center (KDC) host port.

TGS Service Principal

The Ticket Granting Service (TGS) principal. Specify this field in canonical form, including realm.

NOTES:

  • Kerberos uses the concept of tickets to prove the identity of users. A Kerberos principal is a unique identity to which Kerberos can assign tickets.

  • You specify client and server principals using NFS, CIFSNG, or HTTP Action list syntax.

Related Information:

Configuring a Client Profile

Testing NFS

Testing CIFSNG/SMB

HTTP/HTTPS Action List Format Examples

© 2024 Spirent Communications, Inc. All Rights Reserved.