On 17 oct, 22:10, "Markus Moeller" <[EMAIL PROTECTED]> wrote: > Has anybody experience using Oracle Advances Services with Kerberos ? > > Markus
Hi Markus, We want to start to using it in the next months. We have made some tests and reported errors to Oracle. Some of them are typical errors already reported by other people in the group. Also the Oracle impletantion of Kerberos is very old. They told me that in the 12 release they will solve some problems and will add new functionality (more encryption algorithms, etc..). We have tested it with an Oracle 9.2 versiĆ³n and AIX MIT based kerberos server. The problems reported were: Typical KRB5CCNAME parsing problem. If you user the Oracle implementation you could have problems if you use aliases in network interfaces as this implementation include the addresses in the requests to the KDC. In our case the addresses were duplicated and the aliases of the NIC's don't appear in the requests. As our clusters uses the alias of the NIC like a service address we can't get tickets. If we decide to get the initial credentials with the OS Kerberos software we must use the ccache_type = 3 parameter in the krb5.conf file. Then we get initial tickets with kinit and we can see them with oklist after exporting the correct KRB5CCNAME variable. The last problem is that only des-cbc-crc encryption methods is supported. This is a quick review , if you want details about some of the problems tell me and I will try to give you more details. Otto
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
