!
!
line con 0
exec-timeout 0 0
login authentication console
line 1 16
transport input all
line aux 0
transport input all
line vty 0 4
password sMudgKin
!
ntp clock-period 17179703
ntp peer 172.19.10.0
ntp peer 172.19.0.0
end
With the device configured thus far, user chet can log in to the device with a username and password and
automatically obtain a TGT, as illustrated in the next example. With possession of a credential, user chet
successfully authenticates to host chet-ss20 without entering a username/password.
chet-ss20% telnet chet-2500
Trying 172.16.0.0 ...
Connected to chet-2500.cisco.com.
Escape character is '^]'.
User Access Verification
Username: chet
Password:
chet-2500> show kerberos creds
Default Principal: chet@CISCO.COM
Valid Starting Expires Service Principal
13-May-1996 14:05:39 13-May-1996 22:06:40 krbtgt/CISCO.COM@CISCO.COM
chet-2500> telnet chet-ss20
Trying chet-ss20.cisco.com (172.71.54.14)... Open
Kerberos: Successfully forwarded credentials
SunOS UNIX (chet-ss20) (pts/7)
Last login: Mon May 13 13:47:35 from chet-ss20.cisco.c
Sun Microsystems Inc. SunOS 5.4 Generic July 1994
unknown mode: new
chet-ss20%
The following example shows how to authenticate to the device using Kerberos credentials. To authenticate
using Kerberos credentials, you would perform the following tasks:
•
Entering configuration mode
•
Remotely copying over the SRVTAB file from the KDC
•
Setting authentication at login to use the Kerberos 5 Telnet authentication protocol when using Telnet
to connect to the device
•
Writing the configuration to the terminal
Note that the new configuration contains a kerberos srvtab entry line. This line is created by the kerberos
srvtab remotecommand.
chet-2500# configure term
Enter configuration commands, one per line. End with CNTL/Z.
chet-2500(config)# kerberos srvtab remote earth chet/chet-2500.cisco.com-new-srvtab
Translating "earth"...domain server (192.168.0.0) [OK]
Loading chet/chet-2500.cisco.com-new-srvtab from 172.68.1.123 (via Ethernet0): !
[OK - 66/1000 bytes]
chet-2500(config)# aaa authentication login default krb5-telnet krb5
chet-2500(config)#
chet-2500#
%SYS-5-CONFIG_I: Configured from console by console
chet-2500# write term
Building configuration...
Consolidated Platform Configuration Guide, Cisco IOS Release 15.2(4)E (Catalyst 2960-X Switches)
996
Configuration Examples for Kerberos