[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Network nirvana [Re: Since Fedora is not aimed at enterpise/business..]



On Thu, 2 Oct 2003, Felipe Alfaro Solana wrote:

> > There are a few defaults in Red Hat which could be tuned better -- for
> > example, last I looked, Red Hat randomly used a different default encryption
> > for tickets than any other MIT-derived Kerberos, which makes things "fun" if
> > you have, say, Solaris and Red Hat around. Good luck designing a GUI which 
> > can walk admins through diagnosing that ;-)
> 
> Don't know what are you talking about, but I've several boxes running on
> Red Hat (with MIT Kerberos) and two other with SuSE Linux 8.2 (running
> Heimdal) and they are totally and seamlessly interoperable.

MIT Kerberos, as downloaded from MIT, uses des3-hmac-sha1 for key
encryption, and that's what most other MIT derivatives (like Solaris) use.  
RH for some reason changes that to des-cbc-crc (which is a weaker
encryption). Some things go "Boom!" when trying to interoperate between the
two as a result.

later,
chris




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]