The Oracle Kerberos implementation appears to be different from the Solaris implementation it sits on top of. There isn't much info on the core differences in the Oracle documentation I've seen and we haven't gotten much out of our support contract, at least yet.
What I've seen is the okinit program (on Solaris 10) seems to support the full range of encryption types when just given a username. This works. However when you give it a keytab (as in okinit -k -t <file> user) it acts very differently. Generally says the enctype is unsupported. Sometimes the mismatch is due to not having the right enctype in the keytab. Sometimes it's there but the request is restricted to single-DES. I think I've gotten okinit to work with des3, but certainly the dbms clients don't request the right tickets. I'm sorry I don't remember all the details of what didn't work, but does anyone have any information on what might be needed to set up Kerberos support for an Oracle database. The Oracle doc's seem pretty incomplete. ------------------------------------------------------------------------ ---- The opinions expressed in this message are mine, not those of Caltech, JPL, NASA, or the US Government. [EMAIL PROTECTED], or [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos