Cisco VPN 3000 series does not support preauth
Garrett Wollman
wollman at lcs.mit.edu
Wed Dec 8 18:14:17 EST 2004
In article <20041208224949.GD290 at yiff.mit.edu>,
Rachel Elizabeth Dillon <red at MIT.EDU> wrote:
>A colleague went and asked Cisco about the Kerberos preauthentication
>issue on VPN 3000 series hardware, and apparently they do not support
>preauthentication and do not intend to do so. I thought this might be
>useful to other people on this list, so I sent it along.
Hardware or software preauth?
Cisco definitely does support software preauth in the VPN 3005 that we
have; I know because I wasted quite a bit of time getting them to fix
it so that it worked with anything other than des-cbc-* keys. Our VPN
users depend on this to log in, so it would be an unpleasant surprise
if it stopped working.
-GAWollman
--
Garrett A. Wollman | As the Constitution endures, persons in every
wollman at lcs.mit.edu | generation can invoke its principles in their own
Opinions not those of| search for greater freedom.
MIT, LCS, CRS, or NSA| - A. Kennedy, Lawrence v. Texas, 539 U.S. ___ (2003)
More information about the Kerberos
mailing list