[7223] in Kerberos
Re: keberos authentication with tacacs ?
daemon@ATHENA.MIT.EDU (John Hawkinson)
Sun May 5 22:08:09 1996
Date: Sun, 5 May 1996 21:49:27 -0400
To: joek@CyberSafe.com (Joe Kovara)
Cc: kerberos@MIT.EDU
In-Reply-To: "[7222] in Kerberos"
From: John Hawkinson <jhawk@MIT.EDU>
> Cisco also supports Kerberos (V5). I'm not sure if this release is
> out of early field test yet.
It does so as of IOS 11.1. Note that the 11.1 implementation has the
same problem as John Hascall's TACACS backend -- it is vulnerable to
spoofed kdc replies.
11.1 is in "Limited Deployment", but has indeed been released.
<Also, insert commentary here on why Kerberos is inappropriate for
terminal server authentication (modems are cleartext).>
This is expected to improve some time after 11.1...
--jhawk
