Cisco WS-C4003 Software Guide - Page 391
Defining a Private DES Key, Encrypting a Telnet Session
Chapter 27 Configuring Switch Access Using AAA
Configuring Authentication

Defining a Private DES Key

You can define a private DES key for the switch. The private DES key can be used to encrypt the secret key that the switch shares with the KDC so that when the show kerberos command is executed, the secret key is not displayed in clear text. The key length should be eight characters or less.

To define a DES key, perform this task in privileged mode:

Task                                 Command
Define a DES key for the switch.     set key config-key string

This example shows how to define a DES key and verify the configuration:

    Console> (enable) set key config-key abcd
    Kerberos config key set to abcd
    Console> (enable) show kerberos
    Kerberos Local Realm:CISCO.COM
    Kerberos server entries:
    Realm:CISCO.COM, Server:170.20.2.1, Port:750
    Realm:CISCO.COM, Server:172.20.2.1, Port:750
    Kerberos DomainRealm entries:
    Domain:cisco.com, Realm:CISCO.COM
    Kerberos Clients Mandatory
    Kerberos Credentials Forwarding Disabled
    Kerberos Pre Authentication Method set to Encrypted Unix Time Stamp
    Kerberos config key:abcd
    Kerberos SRVTAB Entries
    Srvtab Entry 1:host/[email protected] 0 933974942 1 1 8 12151>>3>11
    Console> (enable)

To clear the DES key, perform this task in privileged mode:

Task                                 Command
Clear a DES key from the switch.     clear key config-key string

This example shows how to clear the DES key:

    Console> (enable) clear key config-key
    Kerberos config key cleared
    Console> (enable)

Encrypting a Telnet Session

After a user authenticates to the switch using Kerberos and wants to Telnet to another switch or host, whether this will be a Kerberized Telnet session depends on the authentication method that the Telnet server uses. If the Telnet server uses Kerberos for authentication, you can have all the application data packets encrypted for the duration of the Telnet session.

To encrypt the Telnet session, use the encrypt kerberos option in the telnet command.
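An added example, not from the Cisco guide: a Python check for captured show kerberos output from the "Defining a Private DES Key" section above, which reports whether a config key is set and within eight characters and masks the key value before the capture is stored. The sample text is constructed from the example output on this page with assumed line breaks, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the `show kerberos` example in this section
# (line breaks assumed; DomainRealm and SRVTAB entry lines omitted).
SAMPLE = """\
Kerberos Local Realm:CISCO.COM
Kerberos server entries:
Realm:CISCO.COM, Server:170.20.2.1, Port:750
Realm:CISCO.COM, Server:172.20.2.1, Port:750
Kerberos Clients Mandatory
Kerberos Credentials Forwarding Disabled
Kerberos Pre Authentication Method set to Encrypted Unix Time Stamp
Kerberos config key:abcd
Kerberos SRVTAB Entries
"""

FIELDS = {  # report name -> pattern capturing the value on that line
    "realm": r"^Kerberos Local Realm:(.*)$",
    "clients": r"^Kerberos Clients (.*)$",
    "forwarding": r"^Kerberos Credentials Forwarding (.*)$",
    "preauth": r"^Kerberos Pre Authentication Method set to (.*)$",
    "config_key": r"^Kerberos config key:(.*)$",
}
SERVER = re.compile(r"^Realm:(\S+),\s*Server:(\S+),\s*Port:(\d+)\s*$", re.M)

def parse_show_kerberos(text):
    """Parse captured `show kerberos` output into a dict of settings."""
    out = {}
    for name, pat in FIELDS.items():
        m = re.search(pat, text, re.M)
        out[name] = m.group(1).strip() if m else None
    out["servers"] = [(r, s, int(p)) for r, s, p in SERVER.findall(text)]
    return out

def audit(text):
    """Return findings for one capture without echoing the key itself."""
    key, findings = parse_show_kerberos(text)["config_key"], []
    if not key:  # assumption: a cleared key shows as an empty or missing line
        findings.append("no private DES key defined")
    else:
        findings.append("capture contains the config key in clear text")
        if len(key) > 8:  # the guide limits the key to eight characters
            findings.append("config key exceeds eight characters")
    return findings

def redact(text):
    """Mask the config key value so the capture can be stored or shared."""
    return re.sub(r"^(Kerberos config key:).+$", r"\1<redacted>", text, flags=re.M)
```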
78-12647-02 Software Configuration Guide-Catalyst 4000 Family, Catalyst 2948G, Catalyst 2980G, Releases 6.3 and 6.4 27-37