
router says "srvtab truncated" when all except des-cbc-crc was removed)



 Good day!

I'm trying to configure a Cisco router (7206 12.2) to use krb5-telnet as the default authentication; however, I bumped into the following problems:


On kdc:
encode_as_rep_as_tgs_rep = true (krb5.conf {kdc})
del_enctype host/our.router {all except des-cbc-crc }



On router:
#conf t
#aaa new-model
#aaa authentication login default krb5-telnet krb5 group radius local
#kerberos local-realm OUR.REALM
#kerberos srvtab entry remote 10.10.10.1 /tftp/krb5.keytab

And I got:
SRVTAB truncated!... Discarding

However, when I looked into my running config using sho run, I can see that
host/our.router@OUR.REALM has been created.

When I try telnetting to our.router:

#telnet our.router
[ Trying mutual KERBEROS5 (host/our.router@OUR.REALM)... ]

*** Connection not encrypted! Communication may be eavesdropped. ***

Server refused to negotiate encryption.
                          
##

It failed....

If I don't remove all encryption types for that host principal, the router doesn't throw any "Truncated" error; however, the same "Server refused to negotiate encryption" error occurs.

Any idea where I might have gone wrong?
Also, telnet(1) on FreeBSD 6.0 defaults to turning on encryption of the data stream if possible, but I couldn't turn it off when passing -y as an argument to telnet...



That's all for now... thanks!!









