Getting single DES TGT
Craig Huckabee
huck at spawar.navy.mil
Fri Apr 8 14:14:13 EDT 2005
Jeffrey Hutzelman wrote:
>
>
> On Thursday, April 07, 2005 05:35:59 PM -0400 Sam Hartman
> <hartmans at mit.edu> wrote:
>
>> The best you can do is use the -e argument of the kvno program to
>> request a des-cbc-crc ticket for the appropriate oracle service
>> principal before you start Oracle.
>
>
>
> The other thing you should do is file a TAR with Oracle on this issue,
> describing the security and interoperability issues it causes for you
> and asking them to fix the problem. The more people who report problems
> caused by the use of such ancient Kerberos, the higher likelyhood they
> will fix it.
>
I've got two TARs in the system right now, both of which are on this
issue. They have a bug on file from ~11/2004 from someone else.
>
>
> If you felt it was appropriate, you might point out that NIST is in the
> process of withdrawing FIPS 46-3, after which federal agencies will not
> be permitted to use single DES for the protection of federal
> information. The full notice was published in the July 26, 2004 Federal
> Register (vol. 69, no. 142, pp. 44509-44510) as docket number
> 040602169-4169-01.
>
>
Anything helps - I'll add this to the TARs.
Thanks,
Craig
--
/ Craig Huckabee | e-mail: huck at spawar.navy.mil /
/ Code 715-CH | phone: (843) 218 5653 /
/ SPAWAR Systems Center | close proximity: "Hey You!" /
/ Charleston, SC | ICBM: 32.78N, 79.93W /
More information about the Kerberos
mailing list