krb5 authentication + ssh

krb5 authentication + ssh

NewsGroups | Search | Tools
 comp.dcom.sys.cisco  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
krb5 authentication + ssh Nikos Nikoleris 07-07-2008
Posted by Nikos Nikoleris on July 7, 2008, 9:40 am
If you were  Registered and logged in, you could reply and use other advanced thread options
We've got a cisco switch 3750 and what we are trying to do is make it
authenticate using a kerberos server we already have for central
authentication.

What we've set is:

aaa authentication login default local krb5 enable
kerberos local-realm REALM.COM
kerberos srvtab entry host/switch.realm.com@REALM.COM <snip>
kerberos server REALM.COM 10.0.0.1

and we are now able to authenticate using the kerberos password but we
cannot authenticate using the already obtained credentials after a kinit
command. We've have tried using telnet with krb5-telnet and we could
login as it is expected without giving any password - given that we
already have the credentials. Our clients are most probably working well
since we can ssh to other kerberos enabled servers in the same realm
without password. Is it something we are doing wrong?

Thanks for the help
Nikos

Similar ThreadsPosted
Failed Authentication, Status "Unsupported Authentication Algorithm" November 26, 2004, 5:20 am
PIX + aaa authentication November 5, 2004, 4:07 pm
PIX and cut-through authentication February 10, 2005, 4:50 pm
cut-through authentication for ssh? February 18, 2005, 6:55 pm
VPN Authentication April 19, 2005, 9:50 am
PIX Authentication June 7, 2005, 2:29 pm
EAP Authentication June 22, 2005, 6:03 pm
802.1x Authentication November 10, 2005, 2:24 am
authentication and ACL with PIX May 12, 2006, 9:23 am
VPN ASA Authentication to MS CA October 31, 2007, 7:06 am

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map