cisco & krb5
Tim Alsop
Tim.Alsop at CyberSafe.Ltd.UK
Wed Mar 24 09:24:01 EST 2004
Mihai,
I think you will find that the CISCO IOS only supports DES-CBC-CRC & DES-CBC-MD5. There is no DES3 support. The Kerberos library in the IOS was based on an old version of our code.
Regards,
Tim Alsop
CyberSafe Limited.
-----Original Message-----
From: Mihai RUSU [mailto:dizzy at roedu.net]
Sent: 24 March 2004 13:48
To: Kerberos at mit.edu
Subject: cisco & krb5
Hi
I am testing cisco switch authentication configuration with kerberos v5
server. I succeded in auth against kerberos only if the server "key" is
des-cbc-crc. If I have a key both des-cbc-crc and des3-hmac-sha1 it doesnt
seem to work. I will investigate this also on the cisco side (if it can be
made to use des3-hmac-sha1 keys) but while Im doing that I also wanted to
know how can I add key entries to a keytab file (which I send it to the
cisco router for his own auth) only of one key type ? If the generated key
for a principal is both des3-hmac-sha1 and des-cbc-crc it seems that ktadd
adds them both to the keytab file. I would need a solution to add only
des-cbc-crc or a solution to delete one of the keys of the same principal
in a keytab file.
Thanks!
--
Mihai RUSU Email: dizzy at roedu.net
GPG : http://dizzy.roedu.net/dizzy-gpg.txt WWW: http://dizzy.roedu.net
"Linux is obsolete" -- AST
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list