Network nirvana [Re: Since Fedora is not aimed at enterpise/business ..]
Stephen Smoogen
smoogen at lanl.gov
Thu Oct 2 17:08:25 UTC 2003
On Thu, 2003-10-02 at 08:02, Chris Ricker wrote:
> On Thu, 2 Oct 2003, Felipe Alfaro Solana wrote:
>
> > > There are a few defaults in Red Hat which could be tuned better -- for
> > > example, last I looked, Red Hat randomly used a different default encryption
> > > for tickets than any other MIT-derived Kerberos, which makes things "fun" if
> > > you have, say, Solaris and Red Hat around. Good luck designing a GUI which
> > > can walk admins through diagnosing that ;-)
> >
> > Don't know what are you talking about, but I've several boxes running on
> > Red Hat (with MIT Kerberos) and two other with SuSE Linux 8.2 (running
> > Heimdal) and they are totally and seamlessly interoperable.
>
> MIT Kerberos, as downloaded from MIT, uses des3-hmac-sha1 for key
> encryption, and that's what most other MIT derivatives (like Solaris) use.
> RH for some reason changes that to des-cbc-crc (which is a weaker
> encryption). Some things go "Boom!" when trying to interoperate between the
> two as a result.
>
I think there is a lower amount of paperwork (or there was) for shipping
with des-cbc-crc than des3-hmac-sha1
--
Stephen John Smoogen smoogen at lanl.gov
Los Alamos National Lab CCN-5 Sched 5/40 PH: 4-0645
Ta-03 SM-1498 MailStop B255 DP 10S Los Alamos, NM 87545
-- So shines a good deed in a weary world. = Willy Wonka --
More information about the fedora-devel-list
mailing list