[Deploying Sakai] Kerberos Provider and JDK 6 Update 26
matthew.buckett at oucs.ox.ac.uk
Thu Jul 21 07:14:26 PDT 2011
On Tue, Jul 19, 2011 at 6:20 PM, Martin B. Smith <smithmb at ufl.edu> wrote:
> On 07/13/2011 01:13 PM, Martin B. Smith wrote:
>> I'm currently continuing to work with Redhat, Oracle, and the person who
>> wrote the 'fixes' released in update 25. As I said, I'd love to resolve
>> it and get update 26 applied..
> Hi all,
> I have an update to this issue. It looks like the issue grew out of some
> particular encryption types, plus their salts, on the KDC that are handled
> differently in Java as of update 25. The workaround is to remove the
> offending encryption types that Java isn't handling correctly, and then
> force an update of the principal.
Do you mean remove them from the KDC?
I'd been trying with a kerberos config of:
default_realm = OX.AC.UK
default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
but having no success.
> The Oracle folks tell me it will be fixed in 6u28, which should be released
> in October.
:-) Thanks for the update. Is there a Oracle bug ID that you know of?
VLE Developer, LTG, Oxford University Computing Services
More information about the production