Mahai, I cannot see any issue with creating a service principal in KDC and extracting a DES-CBC key into a keytab, then using this keytab on the CISCO router. When you do this the user principal must also use DES-CBC-CRC or DES-CBC-MD5 etype.
It is not clear to me what you mean by having principals using DES3-<something> ? Which principal do you refer to (user or service) ? Can you give a specific example to help me understand what you are trying to do ? Tim. -----Original Message----- From: Mihai RUSU [mailto:[EMAIL PROTECTED] Sent: 24 March 2004 14:51 To: [EMAIL PROTECTED] Subject: RE: cisco & krb5 On Wed, 24 Mar 2004, Tim Alsop wrote: > Mihai, > > I think you will find that the CISCO IOS only supports DES-CBC-CRC & > DES-CBC-MD5. There is no DES3 support. The Kerberos library in the IOS > was based on an old version of our code. Aha, thank you very much for this answer! However, I would like to have the principals with DES-CBC-MD5 (say for cisco) and also DES3-<something> and be able to extrack the DES-CBC-MD5 form in a server keytabe file. Is it possible to do that ? > Regards, > Tim Alsop > CyberSafe Limited. -- Mihai RUSU Email: [EMAIL PROTECTED] GPG : http://dizzy.roedu.net/dizzy-gpg.txt WWW: http://dizzy.roedu.net "Linux is obsolete" -- AST ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
