cisco & krb5

Tim Alsop Tim.Alsop at CyberSafe.Ltd.UK
Wed Mar 24 09:42:34 EST 2004


Mahai,

I cannot see any issue with creating a service principal in KDC and extracting a DES-CBC key into a keytab, then using this keytab on the CISCO router. When you do this the user principal must also use DES-CBC-CRC or DES-CBC-MD5 etype. 

It is not clear to me what you mean by having principals using DES3-<something> ? Which principal do you refer to (user or service) ? Can you give a specific example to help me understand what you are trying to do ?

Tim.

-----Original Message-----
From: Mihai RUSU [mailto:dizzy at roedu.net] 
Sent: 24 March 2004 14:51
To: Kerberos at mit.edu
Subject: RE: cisco & krb5

On Wed, 24 Mar 2004, Tim Alsop wrote:

> Mihai,
> 
> I think you will find that the CISCO IOS only supports DES-CBC-CRC &
> DES-CBC-MD5. There is no DES3 support. The Kerberos library in the IOS
> was based on an old version of our code.

Aha, thank you very much for this answer!

However, I would like to have the principals with DES-CBC-MD5 (say for 
cisco) and also DES3-<something> and be able to extrack the DES-CBC-MD5 
form in a server keytabe file. Is it possible to do that ?

> Regards, 
> Tim Alsop
> CyberSafe Limited.


-- 
Mihai RUSU                                    Email: dizzy at roedu.net
GPG : http://dizzy.roedu.net/dizzy-gpg.txt    WWW: http://dizzy.roedu.net
                       "Linux is obsolete" -- AST
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


More information about the Kerberos mailing list