Mihai, I think you will find that the CISCO IOS only supports DES-CBC-CRC & DES-CBC-MD5. There is no DES3 support. The Kerberos library in the IOS was based on an old version of our code.
Regards, Tim Alsop CyberSafe Limited. -----Original Message----- From: Mihai RUSU [mailto:[EMAIL PROTECTED] Sent: 24 March 2004 13:48 To: [EMAIL PROTECTED] Subject: cisco & krb5 Hi I am testing cisco switch authentication configuration with kerberos v5 server. I succeded in auth against kerberos only if the server "key" is des-cbc-crc. If I have a key both des-cbc-crc and des3-hmac-sha1 it doesnt seem to work. I will investigate this also on the cisco side (if it can be made to use des3-hmac-sha1 keys) but while Im doing that I also wanted to know how can I add key entries to a keytab file (which I send it to the cisco router for his own auth) only of one key type ? If the generated key for a principal is both des3-hmac-sha1 and des-cbc-crc it seems that ktadd adds them both to the keytab file. I would need a solution to add only des-cbc-crc or a solution to delete one of the keys of the same principal in a keytab file. Thanks! -- Mihai RUSU Email: [EMAIL PROTECTED] GPG : http://dizzy.roedu.net/dizzy-gpg.txt WWW: http://dizzy.roedu.net "Linux is obsolete" -- AST ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
