[Deploying Sakai] Kerberos Provider and JDK 6 Update 26

Matthew Buckett matthew.buckett at oucs.ox.ac.uk
Thu Jul 21 07:14:26 PDT 2011

On Tue, Jul 19, 2011 at 6:20 PM, Martin B. Smith <smithmb at ufl.edu> wrote:
> On 07/13/2011 01:13 PM, Martin B. Smith wrote:
>> I'm currently continuing to work with Redhat, Oracle, and the person who
>> wrote the 'fixes' released in update 25. As I said, I'd love to resolve
>> it and get update 26 applied..
> Hi all,
> I have an update to this issue. It looks like the issue grew out of some
> particular encryption types, plus their salts, on the KDC that are handled
> differently in Java as of update 25. The workaround is to remove the
> offending encryption types that Java isn't handling correctly, and then
> force an update of the principal.

Do you mean remove them from the KDC?

I'd been trying with a kerberos config of:

   default_realm = OX.AC.UK
   default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
   default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
   permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1

but having no success.

> The Oracle folks tell me it will be fixed in 6u28, which should be released
> in October.

:-) Thanks for the update. Is there a Oracle bug ID that you know of?

  Matthew Buckett
  VLE Developer, LTG, Oxford University Computing Services

More information about the production mailing list