[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Network nirvana [Re: Since Fedora is not aimed atenterpise/business ..]



On Thu, 2003-10-02 at 08:02, Chris Ricker wrote:
> On Thu, 2 Oct 2003, Felipe Alfaro Solana wrote:
> 
> > > There are a few defaults in Red Hat which could be tuned better -- for
> > > example, last I looked, Red Hat randomly used a different default encryption
> > > for tickets than any other MIT-derived Kerberos, which makes things "fun" if
> > > you have, say, Solaris and Red Hat around. Good luck designing a GUI which 
> > > can walk admins through diagnosing that ;-)
> > 
> > Don't know what are you talking about, but I've several boxes running on
> > Red Hat (with MIT Kerberos) and two other with SuSE Linux 8.2 (running
> > Heimdal) and they are totally and seamlessly interoperable.
> 
> MIT Kerberos, as downloaded from MIT, uses des3-hmac-sha1 for key
> encryption, and that's what most other MIT derivatives (like Solaris) use.  
> RH for some reason changes that to des-cbc-crc (which is a weaker
> encryption). Some things go "Boom!" when trying to interoperate between the
> two as a result.
> 

I think there is a lower amount of paperwork (or there was) for shipping
with des-cbc-crc than des3-hmac-sha1


-- 
Stephen John Smoogen		smoogen lanl gov
Los Alamos National Lab  CCN-5 Sched 5/40  PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S  Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]