Cisco Cisco Broadband Access Center Telco Wireless 3.8
8-29
Cisco Broadband Access Center for Cable Administrator’s Guide
OL-2445-02
Chapter 8 Broadband Access Center for Cable Support Tools and Advanced Concepts
Using the Keygen Tool
Note
You must restart your NR DHCP server for the changes to take effect
This is an example of viewing the current properties:
# /opt/CSCObpr/cnr_ep_bin/changeNRProperties.sh -d
Current NR Properties:
RDU Port: 49187
RDU FQDN: rdu.acme.com
Provisioning Group: primary1
Shared Secret: fggTaLg0XwKRs
PacketCable Enable: enabled
PacketCable TGT: 01
PacketCable Realm: ACME.COM
PacketCable Primary DHCP Server: 192.168.1.2
PacketCable Secondary DHCP Server: NOT SET
PacketCable Primary DNS Server: 192.168.1.2
PacketCable Secondary DNS Server: NOT SET
Using the Keygen Tool
The keygen tool is used to generate PacketCable service keys. The service keys are symmetric triple
data encryption standard (triple DES or 3DES) keys (shared-secret) required for KDC communications.
The KDC server requires service keys for each of the DPE’s provisioning FQDNs.
data encryption standard (triple DES or 3DES) keys (shared-secret) required for KDC communications.
The KDC server requires service keys for each of the DPE’s provisioning FQDNs.
The KDC server reads the service keys on startup. Any modification to the service keys requires the
KDC server to be restarted. Any changes made to the DPE provisioning FQDN through the DPE CLI
mandates a corresponding change to the KDC service key filename. This applies since the KDC service
key uses the DPE provisioning FQDN as part of its filename.
KDC server to be restarted. Any changes made to the DPE provisioning FQDN through the DPE CLI
mandates a corresponding change to the KDC service key filename. This applies since the KDC service
key uses the DPE provisioning FQDN as part of its filename.
This tool, which is located in the <BPR_HOME>/kdc directory, uses command-line arguments for the
DPE provisioning FQDN, realm name, and a password and generates the service key files.
DPE provisioning FQDN, realm name, and a password and generates the service key files.
Syntax Description
You must use this syntax when using the Keygen tool:
keygen [options] <fqdn> <realm> <password>
Where options include:
•
-?—Displays this usage message and exits the command.
•
-v, -version—Displays the version of this tool and exits the command.
•
-q, -quiet—Implements a quiet mode whereby no output is created.
•
-c, -cms—Creates a service key for the CMS system.
•
<fqdn>—Identifies the DPE’s fully qualified domain name and is a required entry.
•
<realm>—Identifies the Kerberos realm and is a required entry.
•
<password>—Specifies the password to be used. This is also a required field. The password must
be between 6 and 20 characters in length. For example:
be between 6 and 20 characters in length. For example:
Three service key files are written in KDC keys directory using this filename syntax:
mtafqdnmap,<fqdn>@<REALM>
mtaprovsrvr,<fqdn>@<REALM>
krbtgt,<REALM>@<REALM>