[Deploying Sakai] Kerberos Provider and JDK 6 Update 26
Martin B. Smith
smithmb at ufl.edu
Thu Jul 21 07:21:35 PDT 2011
Hi Matt,
On 07/21/2011 10:14 AM, Matthew Buckett wrote:
> Do you mean remove them from the KDC?
>
> I'd been trying with a kerberos config of:
>
> [libdefaults]
> default_realm = OX.AC.UK
> default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
> default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
> permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
>
> but having no success.
Yes, I mean you'll have to remove some of the enctypes that Java is
trying to use with an incorrect salt. Your settings above look
reasonable, but have you tried running wireshark and looking at the
packets exchanged when this fails? That should give you a hint as to
what enctype is triggering the broken behavior from Java.
Note that once you change the settings above, you will need to dump/load
your KDB with the new settings or change the password for each affected
principal.
>> > The Oracle folks tell me it will be fixed in 6u28, which should be released
>> > in October.
> :-) Thanks for the update. Is there a Oracle bug ID that you know of?
I've asked for a bug ID from the Oracle developer I've been working
with, but I haven't heard back yet. I had originally submitted a bug
when I first started working on this issue, but I don't think it ever
got published on the Sun bug site.
Hope this helps,
--
Martin B. Smith
smithmb at ufl.edu - (352) 273-1374
CNS/Open Systems Group
University of Florida
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5129 bytes
Desc: S/MIME Cryptographic Signature
Url : http://collab.sakaiproject.org/pipermail/production/attachments/20110721/5eefb468/attachment.bin
More information about the production
mailing list