Problem with U4 and SUNWcry
Brian Kolaci
Brian.Kolaci at Sun.COM
Fri Feb 22 08:57:24 PST 2008
With the U4 release, it appears the SUNWcry package is now installed
with the base system.
My customer has some Kerberos KDC's that are using an earlier version
of Solaris 10 (U1 or U3 I believe), however when you try to build a
new slave KDC with U4, it fails to communicate with the master due
to an incompatible (albeit stronger) encryption mechanism. If you
remove the SUNWcry package, then it seems to work.
Another test performed was building a client with U4 using a PAM
stack that authenticates against Kerberos and when this client tries
to contact the KDC's from earlier versions, it too fails to communicate
due to incompatible encryption. Again removing SUNWcry seems to resolve
the problem.
Are these known issues? Are there configuration settings that will
resolve these? Is there already a bug filed? (This should work out of
the box).
Thanks,
Brian
More information about the crypto-discuss
mailing list