[20411] in Kerberos_V5_Development
Re: Session Key through GSS-API
daemon@ATHENA.MIT.EDU (Nico Williams)
Tue Feb 28 15:04:01 2023
Date: Tue, 28 Feb 2023 14:02:37 -0600
From: Nico Williams <nico@cryptonector.com>
To: Stephen Brown <Stephen.Brown@progress.com>
Message-ID: <Y/5d3SM3U1gpxYmn@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <SN4PR13MB52798C23D6A56256C6D6CECC91AC9@SN4PR13MB5279.namprd13.prod.outlook.com>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Tue, Feb 28, 2023 at 05:37:59PM +0000, Stephen Brown via krbdev wrote:
> So, the application is an odbc driver which implements the oracle
> database wire-protocol (which unfortunately is not publicly
> documented). We have found that the session key is needed for cypher
> reinitialization at connect time when using kerberos authentication
> and "oracle advanced security" is enabled on the server. If we use the
> subkey the server is immediately killing the connection. But with the
> session key we're able to connect.
Wait, so Oracle uses the _ticket_'s session key as the session key for
its security layer??
Nico
--
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
