Hi, Oracle has most of these kerberos issues fixed in 11g which was recently released.
Thanks, Preetam --- Markus Moeller <[EMAIL PROTECTED]> wrote: > So it sounds Oracle uses a very old MIT 1.2.x > release. It seems the best is > to wait for Oracle 12 which is hopefully based on a > newer MIT release or > uses independant GSSAPI libraries (e.g. Solaris 10). > When will release 12 > with ASO be available ? > > Thank you > Markus > > "smelt" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > On 17 oct, 22:10, "Markus Moeller" > <[EMAIL PROTECTED]> wrote: > > Has anybody experience using Oracle Advances > Services with Kerberos ? > > > > Markus > > Hi Markus, > > We want to start to using it in the next months. We > have made some > tests and reported errors to Oracle. > > Some of them are typical errors already reported by > other people in > the group. Also the Oracle impletantion of Kerberos > is very old. > > They told me that in the 12 release they will solve > some problems and > will add new functionality (more encryption > algorithms, etc..). > > We have tested it with an Oracle 9.2 versiĆ³n and AIX > MIT based > kerberos server. The problems reported were: > > Typical KRB5CCNAME parsing problem. > > If you user the Oracle implementation you could have > problems if you > use aliases in network interfaces as this > implementation include the > addresses in the requests to the KDC. In our case > the addresses were > duplicated and the aliases of the NIC's don't appear > in the requests. > As our clusters uses the alias of the NIC like a > service address we > can't get tickets. > > If we decide to get the initial credentials with the > OS Kerberos > software we must use the ccache_type = 3 parameter > in the krb5.conf > file. Then we get initial tickets with kinit and we > can see them with > oklist after exporting the correct KRB5CCNAME > variable. > > The last problem is that only des-cbc-crc encryption > methods is > supported. > > This is a quick review , if you want details about > some of the > problems tell me and I will try to give you more > details. > > Otto > > > > > > -------------------------------------------------------------------------------- > > > > ________________________________________________ > > Kerberos mailing list [email protected] > > https://mailman.mit.edu/mailman/listinfo/kerberos > > > > > > > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
