[Freeipa-users] Kerberos and Cisco
Dmitri Pal
dpal at redhat.com
Fri Dec 21 23:23:12 UTC 2012
On 12/21/2012 05:40 PM, Mike Mercier wrote:
> Hi Bret,
>
> I tried this once in the past with no success. If I recall correctly
> (I can't find the reference anymore), Cisco (at least in IOS 12.4 that
> I tested) only supports the DES-CBC-CRC enctype. This enctype
> disabled by default in FreeIPA.
allow_weak_crypto = true
in krb5.conf to enable it.
>
> Thanks,
> Mike
>
>
> On Fri, Dec 21, 2012 at 10:35 AM, Bret Wortman
> <bret.wortman at damascusgrp.com <mailto:bret.wortman at damascusgrp.com>>
> wrote:
>
> My network guy wants to use our FreeIPA server to authenticate
> users on Cisco devices, but when we tried to import the keytab, it
> balked on every one of the keys.
>
> Has anyone done this? Any pointers if so?
>
> Thanks, and happy holidays!
>
>
> --
> Bret Wortman
> The Damascus Group
> Fairfax, VA
> http://bretwortman.com/
> http://twitter.com/BretWortman
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20121221/c0bb69b9/attachment.htm>
More information about the Freeipa-users
mailing list