1.This section covers the necessary steps that an administrator needs to carry out to set up the above Kerberos configuration.
本节讨论设置以上Kerberos配置所需的步骤。
2.An authentication error will occur if the user trying to connect is not same as the user whose credential is in the Kerberos cache.
如果试图连接的用户与其凭证保存在Kerberos缓存中的用户不一致,将发生身份验证错误。
3.If SSO is not working for you at this point please continue and verify all Kerberos Prerequisites mentioned in the next section.
如果此时SSO还不能正常工作,请继续验证下一节提到的所有Kerberos先决条件。
4.Kerberos, which provides a secure means of authentication for network users, is one of the most popular authentication mechanisms.
Kerberos为网络用户提供了一种安全的身份验证手段,是最流行的身份验证机制之一。
5.It's the only one that supports Kerberos authentication and supports LDAP with an Active Directory server -- that type of thing.
它是唯一一个支持Kerberos认证和带有活动目录服务器的LDAP(此类东西)的后端。
6.NTLM authentication is required in networks where the server receives requests from clients that do not support Kerberos authentication.
在服务器接收客户端的请求而客户端不支持Kerberos身份验证的网络中,必须使用NTLM身份验证。
7.Kerberos is an authentication protocol that uses 'tickets' to verify the identity of a user in an unprotected network.
Kerberos是一种身份验证协议,它使用‘票据’验证未受保护的网络中的用户的身份。
8.In a Kerberos installation, each entity (inpidual users, computers, and services running on servers) has a principal associated with it.
在Kerberos安装中,每个实体(在服务器上运行的单个用户、计算机和服务)都拥有一个与之相关联的主体。
9.But authentication service in Kerberos is just a component of key-distribution service.
但身份验证服务在Kerberos中只是密钥分发服务的一个组成部分。
10.Fix: The Kerberos authentication protocol requires that the clock skew between a server and a client is no greater than 5 minutes.
解决方案:Kerberos身份验证协议要求服务器和客户机之间的时钟差不大于5分钟。