[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

cisco enctypes trouble


I've just added one of our cisco routers (runnig IOS 12.0(7) into my
kerberos5 test realm. I made some observations I'd like som comments on...

1. Plain 'kinit' gets a des3-cbc-sha1 TGT which does not work with cisco.

2. 'kinit -e des-cbc-crc' does work.

3. heimdal 'telnet' gets a des-cbc-md5 ticket for the router. This does 
   not work.

4. "another kerberos telnet" gets a des-cbc-crc ticket for the
   router. After this, everything works, including heimdal 'telnet'.

I guess this is a problem with different implementations supporting
different enctypes, but I don't know who to blame. Should I (as a kerberos
user, not as the kerberos admin) really have to care about this?


Jakob Schlyter <jakob@cdg.chalmers.se>       Network Analyst
Phone:  +46 31-772 59 19                     Computer Communications Group
Fax:    +46 31-772 59 22                     Chalmers University of Technology
http://www.cdg.chalmers.se/~jakob/           SE-412 96 Goteborg, Sweden