Jeffrey Hutzelman wrote:
On Thursday, April 07, 2005 05:35:59 PM -0400 Sam Hartman <[EMAIL PROTECTED]> wrote:
The best you can do is use the -e argument of the kvno program to request a des-cbc-crc ticket for the appropriate oracle service principal before you start Oracle.
The other thing you should do is file a TAR with Oracle on this issue, describing the security and interoperability issues it causes for you and asking them to fix the problem. The more people who report problems caused by the use of such ancient Kerberos, the higher likelyhood they will fix it.
I've got two TARs in the system right now, both of which are on this issue. They have a bug on file from ~11/2004 from someone else.
If you felt it was appropriate, you might point out that NIST is in the process of withdrawing FIPS 46-3, after which federal agencies will not be permitted to use single DES for the protection of federal information. The full notice was published in the July 26, 2004 Federal Register (vol. 69, no. 142, pp. 44509-44510) as docket number 040602169-4169-01.
Anything helps - I'll add this to the TARs.
Thanks, Craig
-- / Craig Huckabee | e-mail: [EMAIL PROTECTED] / / Code 715-CH | phone: (843) 218 5653 / / SPAWAR Systems Center | close proximity: "Hey You!" / / Charleston, SC | ICBM: 32.78N, 79.93W /
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
