[7208] in Kerberos
Re: keberos authentication with tacacs ?
daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri May 3 02:59:37 1996
To: yvest@accent.net (Yves Touchette)
Cc: kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 03 May 1996 02:54:31 -0400
In-Reply-To: yvest@accent.net's message of Thu, 02 May 1996 06:53:49 GMT
>>>>> "Yves" == Yves Touchette <yvest@accent.net> writes:
Yves> Anybody could help me out setting a tacacs server that
Yves> authenticate via keberos ?
You can't really do this. The TACACS protocol only supports
cleartext password authentication, so it cannot be authenticated with
Kerberos.
This may not be what you mean; you can check users' passwords
against a Kerberos database using a modified TACACS server. You
really shouldn't do that for security reasons, but you may need/want
to do it anyway in some configurations. Be aware that you will lose
many of the advantages of Kerberos in many environments if you choose
this option. (Sadly, this is one of a limited selection of options
with production versions of Cisco software; the future looks brighter,
however.)
Why don't you describe what you're really trying to do and
give enough details about your environment that we know what security
risks are reasonable for you and what options you have.Do you consider
your network secure? How soon do you need an solution? What
hardware/software do you have?
Yves> Yvest Network Operation Group yvest@total.net
Yves> http://www.total.net Total Net. Montreal,Ca.
Yves> A baby is God's opinion that the world should go on. --
Yves> Carl Sandburg
