When trying to load a SRVTAB via TFTP, I get an "Unsupported keytype" error:
abc(config)#kerberos srvtab remote 1.2.3.4 abc.srvtab
Loading abc.srvtab from 1.2.3.4 (via Vlan123): !
[OK - 121 bytes]
Unsupported keytype 18! Discarding...
No principals in srvtab! Discarding...
Failed to retrieve srvtab from tftp://1.2.3.4/abc.srvtab
However, if I specify the entry manually, I get no error:
abc(config)#kerberos srvtab entry host/abc@REALM 1 1418612000 1 18 32 0123456...
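…but the resulting key does not work (although no config-key is set, the key value looks corrupted when viewing the configuration file). Worse, the configuration causes IOS to try to allocate gigabytes of memory when starting a Kerberos session: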
Dec 15 19:42:03.030: AAA/BIND(00000B9A): Bind i/f
Dec 15 19:42:03.035: %SYS-2-MALLOCFAIL: Memory allocation of 4294580232 bytes failed from 0x1488F68, alignment 0
Pool: Processor Free: 5121120 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Virtual Exec", ipl= 0, pid= 399
-Traceback= 53C8ECz 1DCFBF8z 1DD6FDCz 1DD77B4z 2ACF704z 1488F6Cz 146BF6Cz 148C61Cz 14816A8z 1255930z 1255BC4z 1255C64z 12483C0z 494B7Cz 299BEA8z 2996448z
Dec 15 19:42:03.040: Kerberos: Failed to generate authentication data!
Dec 15 19:42:03.040: AAA/AUTHEN/LOGIN (00000B9A): Pick method list 'default'
Dec 15 19:42:03.040: kerberos(00000B9A): krb_is_user_authenticated 0
So we assume that aes256-cts-hmac-sha1-96 is not supported on this device, but how can we determine which algorithms are supported?