Network nirvana [Re: Since Fedora is not aimed at enterpise/business ..]
Chris Ricker
kaboom at gatech.edu
Thu Oct 2 14:02:21 UTC 2003
On Thu, 2 Oct 2003, Felipe Alfaro Solana wrote:
> > There are a few defaults in Red Hat which could be tuned better -- for
> > example, last I looked, Red Hat randomly used a different default encryption
> > for tickets than any other MIT-derived Kerberos, which makes things "fun" if
> > you have, say, Solaris and Red Hat around. Good luck designing a GUI which
> > can walk admins through diagnosing that ;-)
>
> Don't know what are you talking about, but I've several boxes running on
> Red Hat (with MIT Kerberos) and two other with SuSE Linux 8.2 (running
> Heimdal) and they are totally and seamlessly interoperable.
MIT Kerberos, as downloaded from MIT, uses des3-hmac-sha1 for key
encryption, and that's what most other MIT derivatives (like Solaris) use.
RH for some reason changes that to des-cbc-crc (which is a weaker
encryption). Some things go "Boom!" when trying to interoperate between the
two as a result.
later,
chris
More information about the fedora-devel-list
mailing list