On Thursday, April 07, 2005 05:35:59 PM -0400 Sam Hartman <[EMAIL PROTECTED]> wrote:
The best you can do is use the -e argument of the kvno program to request a des-cbc-crc ticket for the appropriate oracle service principal before you start Oracle.
The other thing you should do is file a TAR with Oracle on this issue, describing the security and interoperability issues it causes for you and asking them to fix the problem. The more people who report problems caused by the use of such ancient Kerberos, the higher likelyhood they will fix it.
If you felt it was appropriate, you might point out that NIST is in the process of withdrawing FIPS 46-3, after which federal agencies will not be permitted to use single DES for the protection of federal information. The full notice was published in the July 26, 2004 Federal Register (vol. 69, no. 142, pp. 44509-44510) as docket number 040602169-4169-01.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]> Sr. Research Systems Programmer School of Computer Science - Research Computing Facility Carnegie Mellon University - Pittsburgh, PA
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
