Home > Data Protection > PowerProtect DD Series Appliances > Dell Data Domain Boost File System: Deployment and Configuration > BoostFS authentication methods
BoostFS has two authentication options:
RSA Lockbox is the default password manager for BoostFS for Linux. To use RSA Lockbox, you must run the boostfs lockbox set command to configure the lockbox. Starting with BoostFS 1.1, a shared BoostFS lockbox file can also be configured.
Beginning with BoostFS 1.1, a common lockbox file can be created for all BoostFS clients. By using this feature, you can avoid creating a separate lockbox file for each unique BoostFS client.
Sharing a common lockbox file enables you to create a single management point for BoostFS clients to access BoostFS mount points on PowerProtect DD systems.
BoostFS Linux supports the MIT implementation of Kerberos authentication as an alternative to RSA Lockbox authentication.
The primary entities involved with Kerberos authentication are:
The Kerberos file contains a "shared secret" (a password, passphrase, or other unique identifier) between the KDC server and the PowerProtect DD appliance.
In an Active Directory environment, the Windows server that hosts the Active Directory service also acts as the KDC and a Domain Name Server (DNS). When you use a UNIX KDC, the DNS server does not have to be the KDC server; it can be a separate server.
Note: Before using Kerberos for BoostFS, verify that the Kerberos client libraries for Linux distribution are installed on the machine.
To authenticate using Kerberos, Ticket Granting Ticket (TGT) must be acquired for two types of user accounts:
Each user has access to only the tickets that they create with the BoostFS Kerberos commands. Users cannot access tickets that others have created.
For more detailed information about using RSA Lockbox-based and Kerberos-based authentication with BoostFS for Linux, see the DD BoostFS for Linux Configuration Guide.