39-41
Catalyst 6500 Series Switch Software Configuration Guide—Release 8.7
OL-8978-04
Chapter 39 Configuring the Switch Access Using AAA
Configuring Authentication on the Switch
Defining and Clearing a Private DES Key
You can define a private DES key for the switch. You can use the private DES key to encrypt the secret
key that the switch shares with the KDC so that when the show kerberos command is executed, the
secret key is not displayed in clear text. The key length should be eight characters or less.
To define a DES key, perform this task in privileged mode:
This example shows how to define a DES key and verify the configuration:
kerberos> (enable) set key config-key abcd
Kerberos config key set to abcd
kerberos> (enable) show kerberos
Kerberos Local Realm:CISCO.COM
Kerberos server entries:
Realm:CISCO.COM, Server:170.20.2.1, Port:750
Realm:CISCO.COM, Server:172.20.2.1, Port:750
Kerberos Domain<->Realm entries:
Domain:cisco.com, Realm:CISCO.COM
Kerberos Clients Mandatory
Kerberos Credentials Forwarding Disabled
Kerberos Pre Authentication Method set to Encrypted Unix Time Stamp
Kerberos config key:abcd
Kerberos SRVTAB Entries
Srvtab Entry 1:host/aspen-niners.cisco.edu@CISCO.EDU 0 933974942 1 1 8 12151><88?=>>3>11
kerberos> (enable)
To clear the DES key, perform this task in privileged mode:
This example shows how to clear the DES key:
Console> (enable) clear key config-key
Kerberos config key cleared
Console> (enable)
Encrypting a Telnet Session
After a user authenticates to the switch using Kerberos and wants to access another switch or host
through Telnet, whether or not this will be a Kerberized Telnet depends on the authentication method
that the Telnet server uses. If the Telnet server uses Kerberos for authentication, you can choose to have
all the application data packets that are encrypted for the duration of the Telnet session. To encrypt the
Telnet session, select the encrypt kerberos option in the telnet command.
Task Command
Define a DES key for the switch. set key config-key string
Task Command
Clear a DES key from the switch. clear key config-key string
To Next Page
Loading...
