cisco & krb5

Mihai RUSU dizzy at roedu.net
Wed Mar 24 08:47:44 EST 2004


Hi

I am testing cisco switch authentication configuration with kerberos v5 
server. I succeded in auth against kerberos only if the server "key" is 
des-cbc-crc. If I have a key both des-cbc-crc and des3-hmac-sha1 it doesnt 
seem to work. I will investigate this also on the cisco side (if it can be 
made to use des3-hmac-sha1 keys) but while Im doing that I also wanted to 
know how can I add key entries to a keytab file (which I send it to the 
cisco router for his own auth) only of one key type ? If the generated key 
for a principal is both des3-hmac-sha1 and des-cbc-crc it seems that ktadd 
adds them both to the keytab file. I would need a solution to add only 
des-cbc-crc or a solution to delete one of the keys of the same principal 
in a keytab file.

Thanks!

-- 
Mihai RUSU                                    Email: dizzy at roedu.net
GPG : http://dizzy.roedu.net/dizzy-gpg.txt    WWW: http://dizzy.roedu.net
                       "Linux is obsolete" -- AST


More information about the Kerberos mailing list