Oracle Kerberos Implementation Info Needed
Henry B. Hotz
hotz at jpl.nasa.gov
Tue May 16 18:16:36 EDT 2006
The Oracle Kerberos implementation appears to be different from the
Solaris implementation it sits on top of. There isn't much info on
the core differences in the Oracle documentation I've seen and we
haven't gotten much out of our support contract, at least yet.
What I've seen is the okinit program (on Solaris 10) seems to support
the full range of encryption types when just given a username. This
works. However when you give it a keytab (as in okinit -k -t <file>
user) it acts very differently. Generally says the enctype is
unsupported. Sometimes the mismatch is due to not having the right
enctype in the keytab. Sometimes it's there but the request is
restricted to single-DES. I think I've gotten okinit to work with
des3, but certainly the dbms clients don't request the right tickets.
I'm sorry I don't remember all the details of what didn't work, but
does anyone have any information on what might be needed to set up
Kerberos support for an Oracle database. The Oracle doc's seem
pretty incomplete.
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the Kerberos
mailing list