Cisco WS-C2950SX-48-SI Configuration Manual page 482

Configuring Authentication
To define a DES key, perform this task in privileged mode:
Task
Define a DES key for the switch.
This example shows how to define a DES key and verify the configuration:
Console> (enable) set key config-key abcd
Kerberos config key set to abcd
Console> (enable) show kerberos
Kerberos Local Realm:CISCO.COM
Kerberos server entries:
Realm:CISCO.COM,
Realm:CISCO.COM,
Kerberos Domain<->Realm entries:
Domain:cisco.com,
Kerberos Clients Mandatory
Kerberos Credentials Forwarding Disabled
Kerberos Pre Authentication Method set to Encrypted Unix Time Stamp
Kerberos config key:abcd
Kerberos SRVTAB Entries
Srvtab Entry 1:host/aspen-niners.cisco.edu@CISCO.EDU 0 933974942 1 1 8 12151><88?=>>3>11
Console> (enable)
To clear the DES key, perform this task in privileged mode:
Task
Clear a DES key from the switch.
This example shows how to clear the DES key:
Console> (enable) clear key config-key
Kerberos config key cleared
Console> (enable)
Encrypting a Telnet Session
After a user authenticates to the switch using Kerberos and wants to Telnet to a different switch or host,
the authentication method that the Telnet server uses determines if the new session is a Kerberized Telnet
session. If the Telnet server uses Kerberos for authentication, you can have all the application data
packets encrypted for the duration of the Telnet session. To encrypt the Telnet session, select the encrypt
kerberos option in the telnet command.
To encrypt a Telnet session, perform this task in privileged mode:
Task
Encrypt a Telnet session.
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide
30-38
Server:170.20.2.1, Port:750
Server:172.20.2.1, Port:750
Realm:CISCO.COM
Chapter 30 Configuring Switch Access Using AAA
Command
set key config-key string
Command
clear key config-key string
Command
telnet [encrypt kerberos] host
—
Release 8.1
78-15486-01