[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cisco enctypes trouble

To: Assar Westerlund <assar@sics.se>
Subject: Re: cisco enctypes trouble
From: Jakob Schlyter <jakob@cdg.chalmers.se>
Date: Thu, 25 Nov 1999 23:04:00 +0100 (MET)
cc: heimdal-discuss@sics.se
In-Reply-To: <5lemde6yp7.fsf@foo.sics.se>
Sender: owner-heimdal-discuss@sics.se

On 25 Nov 1999, Assar Westerlund wrote:

> So in this case I would suggest just having a des-cbc-crc key for
> `host/my-cisco-router'.  (I know the UI for this is kind of
> suboptimal.)  If there only is a `des-cbc-crc' key, kinit should still
> get a des3-cbc-sha1 ticket for `krbtgt/REALM@REALM' but only a
> `des-cbc-crc' key for `host/my-cisco-router'.  Can you try doing that
> and see if it just works for you?

Sure...

shut down kdc. dumped database to file. edited file and removed all other
enctypes than des-cbc-crc for host/my-cisco-router. load file into
database. start up kdc.

kinit gets des3-cbc-sha1. telnet gets des-cbc-crc. cisco happy. sysadmin happy.

> If you do, I might implement a better command in `kadmin'. :-)

That would be nice.

/Jakob

--
Jakob Schlyter <jakob@cdg.chalmers.se>       Network Analyst
Phone:  +46 31-772 59 19                     Computer Communications Group
Fax:    +46 31-772 59 22                     Chalmers University of Technology
http://www.cdg.chalmers.se/~jakob/           SE-412 96 Goteborg, Sweden

Follow-Ups:
- Re: cisco enctypes trouble
  - From: Assar Westerlund <assar@sics.se>

References:
- Re: cisco enctypes trouble
  - From: Assar Westerlund <assar@sics.se>

Prev by Date: Re: Authorization
Next by Date: Re: cisco enctypes trouble
Prev by thread: Re: cisco enctypes trouble
Next by thread: Re: cisco enctypes trouble
Index(es):
- Date
- Thread