[Freeipa-users] Kerberos and Cisco

Bret Wortman bret.wortman at damascusgrp.com
Fri Dec 21 23:31:26 UTC 2012 

Thanks, all. I'll report back.  


-- 
Bret Wortman
http://bretwortman.com/
http://twitter.com/bretwortman


On Friday, December 21, 2012 at 6:23 PM, Dmitri Pal wrote:

> On 12/21/2012 05:40 PM, Mike Mercier wrote: 
> > Hi Bret, 
> > 
> > I tried this once in the past with no success.  If I recall correctly (I can't find the reference anymore), Cisco (at least in IOS 12.4 that I tested) only supports the DES-CBC-CRC enctype.  This enctype disabled by default in FreeIPA. 
> allow_weak_crypto = true 
> 
> in krb5.conf to enable it.
> 
> > 
> > Thanks, 
> > Mike
> > 
> > 
> > 
> > On Fri, Dec 21, 2012 at 10:35 AM, Bret Wortman <bret.wortman at damascusgrp.com (mailto:bret.wortman at damascusgrp.com)> wrote:
> > > My network guy wants to use our FreeIPA server to authenticate users on Cisco devices, but when we tried to import the keytab, it balked on every one of the keys. 
> > > 
> > > Has anyone done this? Any pointers if so? 
> > > 
> > > Thanks, and happy holidays! 
> > > 
> > > 
> > > -- 
> > > Bret Wortman 
> > > The Damascus Group
> > > Fairfax, VA
> > > http://bretwortman.com/
> > > http://twitter.com/BretWortman
> > > 
> > > 
> > > _______________________________________________
> > > Freeipa-users mailing list
> > > Freeipa-users at redhat.com (mailto:Freeipa-users at redhat.com)
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> > 
> > 
> > 
> > _______________________________________________ Freeipa-users mailing list Freeipa-users at redhat.com (mailto:Freeipa-users at redhat.com) https://www.redhat.com/mailman/listinfo/freeipa-users 
> 
> -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ (http://www.redhat.com/carveoutcosts/) 
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
> 
> 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20121221/4114c0ce/attachment.htm>

More information about the Freeipa-users mailing list