[Freeipa-users] Kerberos and Cisco
Bret Wortman
bret.wortman at damascusgrp.com
Fri Dec 21 23:31:26 UTC 2012
Thanks, all. I'll report back.
--
Bret Wortman
http://bretwortman.com/
http://twitter.com/bretwortman
On Friday, December 21, 2012 at 6:23 PM, Dmitri Pal wrote:
> On 12/21/2012 05:40 PM, Mike Mercier wrote:
> > Hi Bret,
> >
> > I tried this once in the past with no success. If I recall correctly (I can't find the reference anymore), Cisco (at least in IOS 12.4 that I tested) only supports the DES-CBC-CRC enctype. This enctype disabled by default in FreeIPA.
> allow_weak_crypto = true
>
> in krb5.conf to enable it.
>
> >
> > Thanks,
> > Mike
> >
> >
> >
> > On Fri, Dec 21, 2012 at 10:35 AM, Bret Wortman <bret.wortman at damascusgrp.com (mailto:bret.wortman at damascusgrp.com)> wrote:
> > > My network guy wants to use our FreeIPA server to authenticate users on Cisco devices, but when we tried to import the keytab, it balked on every one of the keys.
> > >
> > > Has anyone done this? Any pointers if so?
> > >
> > > Thanks, and happy holidays!
> > >
> > >
> > > --
> > > Bret Wortman
> > > The Damascus Group
> > > Fairfax, VA
> > > http://bretwortman.com/
> > > http://twitter.com/BretWortman
> > >
> > >
> > > _______________________________________________
> > > Freeipa-users mailing list
> > > Freeipa-users at redhat.com (mailto:Freeipa-users at redhat.com)
> > > https://www.redhat.com/mailman/listinfo/freeipa-users
> >
> >
> >
> > _______________________________________________ Freeipa-users mailing list Freeipa-users at redhat.com (mailto:Freeipa-users at redhat.com) https://www.redhat.com/mailman/listinfo/freeipa-users
>
> -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ (http://www.redhat.com/carveoutcosts/)
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20121221/4114c0ce/attachment.htm>
More information about the Freeipa-users
mailing list