[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
cisco enctypes trouble
I've just added one of our cisco routers (runnig IOS 12.0(7) into my
kerberos5 test realm. I made some observations I'd like som comments on...
1. Plain 'kinit' gets a des3-cbc-sha1 TGT which does not work with cisco.
2. 'kinit -e des-cbc-crc' does work.
3. heimdal 'telnet' gets a des-cbc-md5 ticket for the router. This does
4. "another kerberos telnet" gets a des-cbc-crc ticket for the
router. After this, everything works, including heimdal 'telnet'.
I guess this is a problem with different implementations supporting
different enctypes, but I don't know who to blame. Should I (as a kerberos
user, not as the kerberos admin) really have to care about this?
Jakob Schlyter <firstname.lastname@example.org> Network Analyst
Phone: +46 31-772 59 19 Computer Communications Group
Fax: +46 31-772 59 22 Chalmers University of Technology
http://www.cdg.chalmers.se/~jakob/ SE-412 96 Goteborg, Sweden