Question

Kerberos Snooping Data as Custom Feild in NAC

  • 17 December 2019
  • 0 replies
  • 586 views

Userlevel 6
Badge

Hi,

You can use IDM manager and XML notification in order to populate XMC with end-system data and username information extrapolated from Kerberos snooping on EXOS switches.

The username feild is populated in the XMC / Control end-systems data under the heading of ‘Username’.

Here is my dylema…….am currently using EAP-TLS computer auth. The username field is populated with the hostname of the authenticated device. Will not be doing any further EAP-TLS username auth, predominantly due to the additional overhead it introduces.

Sending kerberos data will not overwrite this field with the username, but having the username in XMC would be useful so that it becomes a searchable field and / or could possibly be used for a authorisation criteria later on..

Question: Is there a means to edit the XML-Notification process to adjust the username to save as a ‘Custom’ feild rather then the ‘Username’ field?

Many thanks in advance.


0 replies

Be the first to reply!

Reply