39-38
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 39 Configuring the Switch Access Using AAA
Configuring Authentication on the Switch
To retrieve the SRVTAB files to the switch from the KDC, perform this task in privileged mode:
This example shows how to retrieve an SRVTAB file from the KDC, enter an SRVTAB directly into the
switch, and verify the configuration:
kerberos> (enable) set kerberos srvtab remote 187.20.32.10 /users/jdoe/krb5/ninerskeytab
kerberos> (enable)
kerberos> (enable) set kerberos srvtab entry host/niners.cisco.com@CISCO.COM 0 932423923 1
1 8 03;;5>00>50;0=0=0
Kerberos SRVTAB entry set to
Principal:host/niners.cisco.com@CISCO.COM
Principal Type:0
Timestamp:932423923
Key version number:1
Key type:1
Key length:8
Encrypted key tab:03;;5>00>50;0=0=0
kerberos> (enable) show kerberos
Kerberos Local Realm:CISCO.COM
Kerberos server entries:
Realm:CISCO.COM, Server:187.0.2.1, Port:750
Realm:CISCO.COM, Server:187.20.2.1, Port:750
Kerberos Domain<->Realm entries:
Domain:cisco.com, Realm:CISCO.COM
Kerberos Clients NOT Mandatory
Kerberos Credentials Forwarding Enabled
Kerberos Pre Authentication Method set to None
Kerberos config key:
Kerberos SRVTAB Entries
Srvtab Entry 1:host/niners.cisco.com@CISCO.COM 0 932423923 1 1 8 03;;5>00>50;0=0=0
Srvtab Entry 2:host/niners.cisco.edu@CISCO.EDU 0 933974942 1 1 8 00?58:127:223=:;9
Console> (enable)
Deleting an SRVTAB Entry
To delete an SRVTAB entry, perform this task in privileged mode:
Task Command
Step 1
Retrieve a specified SRVTAB file from the KDC. set kerberos srvtab remote {hostname |
ip_address} filename
Step 2
(Optional) Enter the SRVTAB directly into the
switch.
set kerberos srvtab entry kerberos_principal
principal_type timestamp key_version number
key_type key_length encrypted_keytab
Task Command
Delete the SRVTAB entry for a particular
Kerberos principal.
clear kerberos srvtab entry kerberos_principal
principal_type
To Next Page