cisco & krb5
Tim Alsop
Tim.Alsop at CyberSafe.Ltd.UK
Wed Mar 24 09:42:34 EST 2004
Mahai,
I cannot see any issue with creating a service principal in KDC and extracting a DES-CBC key into a keytab, then using this keytab on the CISCO router. When you do this the user principal must also use DES-CBC-CRC or DES-CBC-MD5 etype.
It is not clear to me what you mean by having principals using DES3-<something> ? Which principal do you refer to (user or service) ? Can you give a specific example to help me understand what you are trying to do ?
Tim.
-----Original Message-----
From: Mihai RUSU [mailto:dizzy at roedu.net]
Sent: 24 March 2004 14:51
To: Kerberos at mit.edu
Subject: RE: cisco & krb5
On Wed, 24 Mar 2004, Tim Alsop wrote:
> Mihai,
>
> I think you will find that the CISCO IOS only supports DES-CBC-CRC &
> DES-CBC-MD5. There is no DES3 support. The Kerberos library in the IOS
> was based on an old version of our code.
Aha, thank you very much for this answer!
However, I would like to have the principals with DES-CBC-MD5 (say for
cisco) and also DES3-<something> and be able to extrack the DES-CBC-MD5
form in a server keytabe file. Is it possible to do that ?
> Regards,
> Tim Alsop
> CyberSafe Limited.
--
Mihai RUSU Email: dizzy at roedu.net
GPG : http://dizzy.roedu.net/dizzy-gpg.txt WWW: http://dizzy.roedu.net
"Linux is obsolete" -- AST
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list