Siebel Support for Encryption

My customer needs documentation detailing Siebel's support for encryption protocols across all layers
i.e
1) User Interface,
2) Web Session / Transport
3) Database Layer
4) Logs. Cookies
Is there any documentation that someone has prepared from field experience? or does product management maintain any such document?
Any pointer would indeed help! Look fwd. to your inputs.
Regards,
Rakesh

Rakesh,
I would start with the Bookshelf section on Encryption in the Security Guide. Beyond that I am not aware of any single document that addresses all types of encryption. Basic observations follow:
1. User Interface -- Since this is a web application, not sure how this differs from "Web Session". The communications between the end user's browser and the Siebel Web Server can be secured with standard SSL. Higher key lengths require that the Siebel Strong Encryption Pack be installed on both the Siebel Web Server(s) and the Siebel Application Server(s).
2. Web Session / Transport -- The SISNAPI communications between the various Siebel servers can by encrypted using RSA, MSCrypto, or SSL.
3. Database Layer -- This is dependent on the database being used and would be set at the client level for transport. As long as it is transparent to the Siebel application object manager, it should be fine. In terms of actual data storage, Siebel can do field level encryption for specific fields. Alternatively, database encryption utilities such as Oracle's Transparent Data Encryption (TDE) can be used as long as it is transparent to the Siebel application. Encryption of local databases are more restrictive and involve either encrypting the whole local database or not encrypting the local database.
4. Logs and Cookies -- Logs are not encrypted. Cookies can be encrypted in transit when using SSL. Also the session identifier can be encrypted.
Hope this information is at least somewhat helpful.
Stevan

Similar Messages

  • Command-line support for encrypted images

    Hi,
    Is there any support in asr for performing restores using an encrypted image directly? I can't seem to find anything. It isn't much of a burden I guess to mount the image and then use it (now that I know that, anyway), but it seems like an oversight that asr can't just be given a password directly.
    Similarly for hdiutil, it has some support for encrypted images, but some things seem to be missing. At the very least you can't convert an encrypted image into an unencrypted image because convert doesn't understand that.
    Are these known issues? Are there plans to add this functionality? Or is it considered unnecessary since there's other ways around it?
    tom

    Sorry for my ignorance, when you say you installed every driver in there are you referring to adding them to the driver database or to your bootwim. Also if you cant grab the logs you might be able to get a report based on an unknown system, look in reporting
    under "History of a task sequence deployment on a computer" if there was anything recorded before it bombed out you might be able to get some info. 
    Im still leaning towards a network driver though, can you snap an image of the drivers you have loaded into your preferred bootwim.

  • KDC has no support for encryption type (14)

    I have come across a posting on "KDC has no support for encryption type (14)" - " http://www.webservertalk.com/message1277232.html"
    and believe that I am hitting the same problem. However, there is no solution. Can anybody help?
    I have done all the necessary steps suggested, including changing the registry and removing the unwanted SPN, but the error still there. The only different is probably I combined WebLogic and AD in one machine. But, does that make any difference?
    Client
    ====
    Name: ssoclient.ssow2k.com
    OS: Win XP SP2
    Server
    =====
    Name: ssow2kserver.ssow2k.com
    OS: Windows 2000 Advanced Server SP4
    WLS: BEA WebLogic 8.1.4
    <<Registry>>
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Value Name: allowtgtsessionkey
    Value Type: REG_DWORD
    Value: 0x01
    The following is the WebLogic myserver log for your reference:
    ========================================================================================
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=console, contextPath=/console, uri=/*>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Admin>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Operator>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Deployer>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: Monitor>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(Admin,Operator,Deployer,Monitor)}>
    ####<Apr 6, 2006 2:55:20 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(Admin,Operator,Deployer,Monitor)} successfully deployed for resource type=<url>, application=console, contextPath=/console, uri=/*>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=GET>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Resource: type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Role:>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> < roleName: DCMS_ROLE>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): Built role expression of {Rol(DCMS_ROLE)}>
    ####<Apr 6, 2006 2:55:22 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <main> <<WLS Kernel>> <> <000000> <Default Authorization deployPolicy(): policy {Rol(DCMS_ROLE)} successfully deployed for resource type=<url>, application=mySampleWebApp, contextPath=/mysamplewebapp, uri=/*, httpMethod=POST>
    ####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> < PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
    ####<Apr 6, 2006 3:02:07 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Found Negotiate with SPNEGO token>
    ####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: ' weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext (GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity (SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm (CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    ####<Apr 6, 2006 3:02:08 PM GMT+08:00> <Debug> <SecurityDebug> <ssow2kserver> <myserver> <ExecuteThread: '14' for queue: 'weblogic.kernel.Default'> <<WLS Kernel>> <> <000000> <Exception weblogic.security.providers.utils.NegotiateTokenException: GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    weblogic.security.providers.utils.NegotiateTokenException : GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:419)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity (PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java :199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute (ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    ========================================================================================
    The following are some krb5 packets captured. I suspected it is due to the encryption type used - RC4-HMAC:
    ========================================================================================
    KRB5 (AS-REQ)
    ============
    No. Time Source Destination Protocol Info
    125 10.301166 10.122.1.2 10.122.1.200 KRB5 AS-REQ
    Frame 125 (345 bytes on wire, 345 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.848903000
    Time delta from previous packet: 0.008330000 seconds
    Time since reference or first frame: 10.301166000 seconds
    Frame Number: 125
    Packet Length: 345 bytes
    Capture Length: 345 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Source: 10.122.1.2 (00:0c:29:17:9a:be)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 331
    Identification: 0x0158 (344)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x208d [correct]
    Source: 10.122.1.2 (10.122.1.2 )
    Destination: 10.122.1.200 (10.122.1.200)
    User Datagram Protocol, Src Port: 1075 (1075), Dst Port: kerberos (88)
    Source port: 1075 (1075)
    Destination port: kerberos (88)
    Length: 311
    Checksum: 0x1133 [correct]
    Kerberos AS-REQ
    Pvno: 5
    MSG Type: AS-REQ (10)
    padata: PA-ENC-TIMESTAMP PA-PAC-REQUEST
    Type: PA-ENC-TIMESTAMP (2)
    Type: PA-PAC-REQUEST (128)
    KDC_REQ_BODY
    Padding: 0
    KDCOptions: 40810010 (Forwardable, Renewable, Canonicalize, Renewable OK)
    Client Name (Principal): ssouser
    Realm: SSOW2K.COM
    Server Name (Service and Instance): krbtgt/SSOW2K.COM
    till: 2037-09-13 02:48:05 (Z)
    rtime: 2037-09-13 02:48:05 (Z)
    Nonce: 1870983219
    Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
    Encryption type: rc4-hmac (23)
    Encryption type: rc4-hmac-old (-133)
    Encryption type: rc4-md4 (-128)
    Encryption type: des-cbc-md5 (3)
    Encryption type: des-cbc-crc (1)
    Encryption type: rc4-hmac-exp (24)
    Encryption type: rc4-hmac-old-exp (-135)
    HostAddresses: SSOCLIENT<20>
    KRB5 (AS-REP)
    ============
    No. Time Source Destination Protocol Info
    126 10.303156 10.122.1.200 10.122.1.2 KRB5 AS-REP
    Frame 126 (1324 bytes on wire, 1324 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.850893000
    Time delta from previous packet: 0.001990000 seconds
    Time since reference or first frame: 10.303156000 seconds
    Frame Number: 126
    Packet Length: 1324 bytes
    Capture Length: 1324 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
    Destination: 10.122.1.2 (00:0c:29:17:9a:be)
    Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1310
    Identification: 0x0a0f (2575)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1403 [correct]
    Source: 10.122.1.200 (10.122.1.200)
    Destination: 10.122.1.2 (10.122.1.2)
    User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1075 (1075)
    Source port: kerberos (88)
    Destination port: 1075 (1075)
    Length: 1290
    Checksum: 0xb637 [correct]
    Kerberos AS-REP
    Pvno: 5
    MSG Type: AS-REP (11)
    Client Realm: SSOW2K.COM
    Client Name (Principal): ssouser
    Ticket
    enc-part rc4-hmac
    Encryption type: rc4-hmac (23)
    Kvno: 1
    enc-part: E3610239EACDD0E6D4E89AA7D81A355F6C93B95D95B13B56...
    KRB5 (TGS-REQ)
    ============
    No. Time Source Destination Protocol Info
    127 10.309350 10.122.1.2 10.122.1.200 KRB5 TGS-REQ
    Frame 127 (1307 bytes on wire, 1307 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.857087000
    Time delta from previous packet: 0.006194000 seconds
    Time since reference or first frame: 10.309350000 seconds
    Frame Number: 127
    Packet Length: 1307 bytes
    Capture Length: 1307 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: 10.122.1.2 (00:0c:29:17:9a:be), Dst: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Destination: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Source: 10.122.1.2 (00:0c:29:17:9a:be)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.2 (10.122.1.2), Dst: 10.122.1.200 (10.122.1.200)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1293
    Identification: 0x0159 (345)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1cca [correct]
    Source: 10.122.1.2 (10.122.1.2)
    Destination: 10.122.1.200 ( 10.122.1.200)
    User Datagram Protocol, Src Port: 1076 (1076), Dst Port: kerberos (88)
    Source port: 1076 (1076)
    Destination port: kerberos (88)
    Length: 1273
    Checksum: 0xd085 [correct]
    Kerberos TGS-REQ
    Pvno: 5
    MSG Type: TGS-REQ (12)
    padata: PA-TGS-REQ
    Type: PA-TGS-REQ (1)
    KDC_REQ_BODY
    Padding: 0
    KDCOptions: 40800000 (Forwardable, Renewable)
    Realm: SSOW2K.COM
    Server Name (Service and Instance): HTTP/ssow2kserver.ssow2k.com
    till: 2037-09-13 02:48:05 (Z)
    Nonce: 1871140380
    Encryption Types: rc4-hmac rc4-hmac-old rc4-md4 des-cbc-md5 des-cbc-crc rc4-hmac-exp rc4-hmac-old-exp
    Encryption type: rc4-hmac (23)
    Encryption type: rc4-hmac-old (-133)
    Encryption type: rc4-md4 (-128)
    Encryption type: des-cbc-md5 (3)
    Encryption type: des-cbc-crc (1)
    Encryption type: rc4-hmac-exp (24)
    Encryption type: rc4-hmac-old-exp (-135)
    KRB5 (TGS-REP)
    ============
    No. Time Source Destination Protocol Info
    128 10.310791 10.122.1.200 10.122.1.2 KRB5 TGS-REP
    Frame 128 (1290 bytes on wire, 1290 bytes captured)
    Arrival Time: Apr 6, 2006 13:49:54.858528000
    Time delta from previous packet: 0.001441000 seconds
    Time since reference or first frame: 10.310791000 seconds
    Frame Number: 128
    Packet Length: 1290 bytes
    Capture Length: 1290 bytes
    Protocols in frame: eth:ip:udp:kerberos
    Ethernet II, Src: Vmware_59:2c:e6 (00:0c:29:59:2c:e6), Dst: 10.122.1.2 (00:0c:29:17:9a:be)
    Destination: 10.122.1.2 (00:0c:29:17:9a:be)
    Source: Vmware_59:2c:e6 (00:0c:29:59:2c:e6)
    Type: IP (0x0800)
    Internet Protocol, Src: 10.122.1.200 (10.122.1.200), Dst: 10.122.1.2 (10.122.1.2)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    0000 00.. = Differentiated Services Codepoint: Default (0x00)
    .... ..0. = ECN-Capable Transport (ECT): 0
    .... ...0 = ECN-CE: 0
    Total Length: 1276
    Identification: 0x0a10 (2576)
    Flags: 0x00
    0... = Reserved bit: Not set
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: UDP (0x11)
    Header checksum: 0x1424 [correct]
    Source: 10.122.1.200 (10.122.1.200)
    Destination: 10.122.1.2 (10.122.1.2)
    User Datagram Protocol, Src Port: kerberos (88), Dst Port: 1076 (1076)
    Source port: kerberos (88)
    Destination port: 1076 (1076)
    Length: 1256
    Checksum: 0x1318 [correct]
    Kerberos TGS-REP
    Pvno: 5
    MSG Type: TGS-REP (13)
    Client Realm: SSOW2K.COM
    Client Name (Principal): ssouser
    Ticket
    enc-part rc4-hmac
    Encryption type: rc4-hmac (23)
    Kvno: 1
    enc-part: 4D2A9E8590CC716EA6571B093B6FAF89537B0B89F832C073...
    ========================================================================================
    Can anybody enlighten me on how you solve this problem? Thanks.

    I ran into this error and caught the error code to remind me to edit the registry.
    if (sError.contains("KDC has no support for encryption type (14)")){
                        JOptionPane.showMessageDialog(null,"Error " + ThisErrorCode.myErrorCode() + '\n' +
                        " http://support.microsoft.com/default.aspx?scid=kb;en-us;308339" + '\n' + '\n' +
                        "There is a known issue involving Windows clients running Windows 2000 SP4, XP SP2." + '\n' +
                        "To avoid the error, administrators need to update the Windows registry." + '\n' +
                        "The registry key, allowtgtsessionkey, should be added, and its value set correctly" + '\n' +
                        "to allow session keys to be sent in the Kerberos Ticket-Granting Ticket." + '\n' + '\n' +
                        "Windows XP SP2, add the registry entry:" + '\n' +
                        "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\" + '\n' +
                        "Value Name: allowtgtsessionkey" + '\n' +
                        "Value Type: REG_DWORD" + '\n' +
                        "Value: 0x01" ,null, JOptionPane.ERROR_MESSAGE);
                        System.exit(-1);

  • WebLogic SSO receiving "KDC has no support for encryption type (14)" error

    Hello,
    I am trying to implement SSO using an Off-the-Shelf app running on WebLogic, but receiving "KDC has no support for encryption type (14)" error. I have set the AD Server to “Use DES encryption types for this account” . I have added 'allowtgtsessionkey' registry entry on the client machine as well as the Windows Server on which WebLogic is running. My klist results on the client machine still seems to indicate AD is sending RC4 encryption format (please confirm looking at the results below). I am also attaching the WebLogic error log. I am slo seeing 2 errors at the very beginning of the WebLogic log when I restart the appserver.
    % KLIST output
    C:\Program Files\Resource Kit>klist tickets
    Cached Tickets: (2)
    Server: krbtgt/[email protected]
    KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
    End Time: 8/27/2008 1:52:56
    Renew Time: 9/2/2008 15:52:56
    Server: HTTP/[email protected]
    KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
    End Time: 8/27/2008 1:52:56
    Renew Time: 9/2/2008 15:52:56
    % WebLogic Error
    <Aug 28, 2008 8:43:02 AM MDT> <Debug> <SecurityDebug> <000000> <java.security.krb5.realm was not defined, this could cause problems using Kerberos for negotiation>
    <Aug 28, 2008 8:43:02 AM MDT> <Debug> <SecurityDebug> <000000> <java.security.krb5.kdc was not defined, this could cause problems using Kerberos for negotiation>
    <Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <Default Authorization isAccessAllowed(): returning PERMIT>
    <Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <DefaultAdjudicatorImpl.adjudicate results: PERMIT >
    <Aug 26, 2008 8:26:18 AM MDT> <Debug> <SecurityDebug> <000000> <AuthorizationManager.isAccessAllowed returning adjudicated: true>
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
    Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null KeyTab is devmax01.http.keytab refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    KeyTab: load() entry length: 60
    KeyTabInputStream, readName(): DEV.DENVERWATER.ORG
    KeyTabInputStream, readName(): HTTP
    KeyTabInputStream, readName(): devmax01principal's key obtained from the keytab
    principal is HTTP/[email protected]
    EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    KrbAsReq etypes are: 3 1 1
    KrbKdcReq send: kdc=10.143.60.1 UDP:88, timeout=30000, number of retries =3, #bytes=252
    KDCCommunication: kdc=10.143.60.1 UDP:88, timeout=30000,Attempt =1, #bytes=252
    KrbKdcReq send: #bytes read=1311
    KrbKdcReq send: #bytes read=1311
    EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
    KrbAsRep cons in KrbAsReq.getReply HTTP/devmax01Added server's keyKerberos Principal HTTP/[email protected] Version 4key EncryptionKey: keyType=3 keyBytes (hex dump)=
    0000: B3 86 A4 E5 83 0E 6D 9E
    [Krb5LoginModule] added Krb5Principal HTTP/[email protected] to Subject
    Commit Succeeded
    Found key for HTTP/[email protected]
    Entered Krb5Context.acceptSecContext with state=STATE_NEW
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> < GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    >
    <Aug 26, 2008 8:26:27 AM MDT> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - IdentityAssertionException>

    dins wrote:Do you think the klist output in my original posting confirms that AD is not encrypting tickets in DES format ?Yes, the current line prove it :
    KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)The fact is that Microsoft seems to use by default the RC4-HMAC-MD5 encryption type for AD.
    Try to specify only des for encryption type in both your krb5.conf
    [libdefaults]
        default_realm = ...
        default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        ...and kdc.conf
    [realms]
       REALM = {
            kadmind_port = ...
            max_life = ...
            max_renewable_life = ...
            master_key_type = ddes-cbc-md5 des-cbc-crc des3-cbc-sha1
            supported_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
            kdc_supported_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
        }If it still does not work, I'm out of ammo ;-).

  • Problem: KDC has no support for encryption type (14)

    hi, I have dealing the problem for long time and no response in bea forum.
    I feel very exhausted when checking mit's kerberos mailist and sun forum. Any try every method they provide but not success.
    first I generate the keytab using w2k's ktpass
    ktpass -princ HTTP/[email protected] -mapuser weblogic -pass weblogic -out dlsvr_keytab -crypto des-cbc-crc
    and it turn out to be successful.
    My W2KSP4 KDC Config is:
    c:\winnt\krb5.ini-----------------------------
    [libdefaults]
    default_realm = DLSVR.COM
    default_tkt_enctypes = des-cbc-crc
    default_tgs_enctypes = des-cbc-crc
    ticket_lifetime = 600
    [realms]
    DLSVR.COM = {
    kdc = 192.168.2.231
    admin_server = dlserver
    default_domain = DLSVR.COM
    [domain_realm]
    .dlsvr.com= DLSVR.COM
    [appdefaults]
    autologin = true
    forward = true
    forwardable = true
    encrypt = true
    i also set des type in AD Accout and also reset password after that
    i create my keytab using des-cbc-crc as you can see in the log below :
    <2005-11-8 ����06��09��39�� CST> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>
    KeyTab: load() entry length: 50
    KeyTabInputStream, readName(): DLSVR.COM
    KeyTabInputStream, readName(): host
    KeyTabInputStream, readName(): weblogic
    KeyTab: load() entry length: 44
    KeyTabInputStream, readName(): dlsvr.com
    KeyTabInputStream, readName(): weblogic
    EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
    crc32: e9889c7a
    crc32: 11101001100010001001110001111010
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    KrbAsReq etypes are: 1
    KrbKdcReq send: kdc=192.168.2.231 UDP:88, timeout=30000, number of retries =3, #bytes=216
    KDCCommunication: kdc=192.168.2.231 UDP:88, timeout=30000,Attempt =1, #bytes=216
    KrbKdcReq send: #bytes read=1217
    KrbKdcReq send: #bytes read=1217
    EType: sun.security.krb5.internal.crypto.DesCbcCrcEType
    crc32: 54c176ae
    crc32: 1010100110000010111011010101110
    KrbAsRep cons in KrbAsReq.getReply host/weblogicFound key for host/[email protected]
    Entered Krb5Context.acceptSecContext with state=STATE_NEW
    <2005-11-8 ����06��09��39�� CST> <Debug> <SecurityDebug> <000000> <GSS exception GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no
    support for encryption type (14))
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:734)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
    at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:371)
    at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserterProvider
    Impl.java:201)
    at weblogic.security.service.PrincipalAuthenticator.assertIdentity(PrincipalAuthenticator.java:553)
    at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(CertSecurityModule.java:104)
    at weblogic.servlet.security.internal.SecurityModule.beginCheck(SecurityModule.java:199)
    at weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecurityModule.java:86)
    at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:145)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3685)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
    So i don't know why win2k's KDC not support the des-cbc-crc,
    Any Help or Clue woud be highly appreciated!
    david

    Exception was: javax.naming.AuthenticationException: KDC has no support for encryption type (14) [Root exception is KrbException: KDC has no support for encryption type (14)]
    at com.sco.tta.server.security.java14.KerberosAuth.login(KerberosAuth.java:286)
    at com.sco.tta.server.login.ADLoginAuthority.authenticate(ADLoginAuthority.java:39 0)
    Cause 2: This exception is thrown when using native ticket cache on some Windows platforms. Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The effected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2.
    Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.
    On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
    Value Name: allowtgtsessionkey
    Value Type: REG_DWORD
    Value: 0x01 ( default is 0 )
    By default, the value is 0; setting it to "0x01" allows a session key to be included in the TGT.

  • GSSException"KDC has no support for encryption type (14)" on token exchange

    I'm stumped. Just started working with an MIT KDC v5 1.3.1 running on Linux and trying to get the IBM sample apps (GSSClient and GSSServer) working. The apps are here: http://www-106.ibm.com/developerworks/java/library/j-gss-sso/
    I have two principals set up using defaults: one for the client and one for the server. The GSSClient, GSSServer and KDC are all running on the same machine in the same Realm.
    I start the server just fine and it waits with:
    GSSServer starts... Waiting for incoming connectionWhen I run the client the client authentictes and the context is successsfully created. However, the GSSServer throws an Exception:
    GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
    at com.ourcorp.caa.security.GSSServer.run(GSSServer.java:138)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Unknown Source)
    at com.ourcorp.caa.security.GSSServer.startServer(GSSServer.java:98)
    at com.ourcorp.caa.security.GSSServer.main(GSSServer.java:71)
    The client also throws an Exception:
    GSSClient... Getting client credentials
    GSSClient... GSSManager creating security context
    GSSClient...Sending token to server over secure context
    GSSClient...Secure context initialized
    GSSClient...Written 511 bytes
    GSSClient...Exception nulljava.io.EOFException
    at java.io.DataInputStream.readInt(DataInputStream.java:448)
    at com.ourcorp.caa.security.GSSClient.run(GSSClient.java:184)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:320)
    at com.ourcorp.caa.security.GSSClient.login(GSSClient.java:117)
    at com.ourcorp.caa.security.GSSClient.main(GSSClient.java:63)
    Client authentication denied...
    This happens consistently and I cannot get passed this point! The weird thing is, is that the same thing happens using the Windows 2003 Server KDC! Same Exception.
    Can anyone help me understand what is causing this? The Exception mentions "KDC has no support for encryption type (14)" but we're not specifying any encryption type other than the defaults. The principals are the same as far as I know.
    Thanks.

    Interesting I managed to get this example to work but I had to create two principals (one for the client one for the server) with encryption types of "des-cbc-crc:normal" only . It seems that a with principal with "des-cbc-crc:normal" and "des3-hmac-sha1:normal" encryption types causes the Exception. So, the question I have is: does the GSS API support TripleDES or what? The KDC is obviosuly trying to use it for the user-user exchange but fails.
    Anyone got any ideas? Thanks.

  • KDC has no support for encryption type (14) in windows 2008

    The active directory is a windows 2008 box. I am not mentioning any encryption types in krb5.ini. I know that we should add some registry entries in Windows 2003 and XP. But I was not able to find something similar to those, corresponding to windows 2008. I also tried adding the registry that was meant for windows 2003. But it din't work.
    Any help appreciated.
    Thanks in advance

    Sorry for a very late response and for not providing adequate information in my question.
    I have Active Directory is in windows 2008 box and my application runs in a windows 2003 box. Its a very simple configuration and there is just one domain configured in the AD(no forest, no parent-child domains).
    my login.config file looks like this
    KerbAuth4Portal{
    com.sun.security.auth.module.Krb5LoginModule required debug=true refreshKrb5Config=true;
    and the krb5.conf looks like this
    [libdefaults]
    default_realm = KERB.WHIGFIELD.COM
    [domain_realm]
    .kerb.whigfield.com = KERB.WHIGFIELD.COM
    [realms]
    KERB.WHIGFIELD.COM = {
    kdc = Ferrari-w2k8Vm1.kerb.whigfield.com
    This is my method
         public void authenticateForPortal(String userName, String password)
                   throws AuthenticationException {
              LoginContext lc = null;
              Subject subject = null;
              try {
                   // String pwd= EncryptData.decryptString(password);
                   // userName = "[email protected]";
                   // userName = helper.convertDN2KerberosPrincipal(userName);
                   // password = "control";
                   lc = new LoginContext("KerbAuth4Portal", new LdapCallbackHandler(
                             userName, password));
                   lc.login();
                   logTicketAttributes(lc);
                   subject = lc.getSubject();
                   log.debug("Authenticated subject" + subject);
              } catch (LoginException le) {
                   log.error("Login failed-", le);
                   throw new AuthenticationException("Failed to login -"
                             + le.getMessage());
    and this is the exception I am getting
    javax.naming.AuthenticationException: Failed to login -KDC has no support for encryption type (14)
    But if I set the useTicketCache to true, then I am not getting this issue, but it the authentication happens with the user present in ticket cache and not with the user passed in my method
    Any help appreciated.
    Thanks in advance

  • KDC has no support for encryption type

    Hi,
    I hope not too much people are not reading this post because of the very common error message. But I'm really somewhat confused:
    For testing Kerberos 5 SSO I set up a little domain controller running Windows 2003 Server and a client in the domain running Windows XP. In the active directory I created a service account with the logon test-service and a user account test-user. The switch "Use DES encryption types for this account" is set for both accounts and I reseted the passwords after setting the switch. Additionally I added a service principal name test/test.krbtest.local to the service account.
    On the client machine I execute a very simple JAVA client program that tries to obtain a service ticket for the service test/test.krbtest.local. If I configure the client to prompt for a password, the service ticket is obtained without a problem using etype 3 (sun.security.krb5.internal.crypto.DesCbcMd5EType). But when trying to read the existing TGT from the native windows cache the client exits with:
    KDC has no support for encryption type (14)The debug output tells the following:
    >>> Obtained TGT from LSA: Credentials:
    [email protected]
    server=krbtgt/[email protected]
    authTime=20070413112833Z
    startTime=20070413112833Z
    endTime=20070413212833Z
    renewTill=20070420112833Z
    flags: FORWARDABLE;RENEWABLE;INITIAL;PRE-AUTHENT
    EType (int): 0
    Principal is [email protected]
    Commit Succeeded
    Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Apr 13 23:28:33 CEST 2007
    Entered Krb5Context.initSecContext with state=STATE_NEW
    Found ticket for [email protected] to go to krbtgt/[email protected] expiring on Fri Apr 13 23:28:33 CEST 2007
    Service ticket not found in the subject
    Credentials acquireServiceCreds: same realmUsing builtin default etypes for default_tgs_enctypes
    default etypes for default_tgs_enctypes: 3 1 23 16 17.
    CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
    EType: sun.security.krb5.internal.crypto.NullEType...Note that it says "Etype (int): 0" which I think is no valid encryption type at all. klist (from the windows resource kit) tells me that my tickets look like:
    Server: krbtgt/[email protected]
        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
        End Time: 4/13/2007 23:28:33
        Renew Time: 4/20/2007 13:28:33
    ...But as mentioned above I set the option "Use DES encryption types for this account" for both the user and service account. Am I doing something wrong here??
    Additionally I thought JAVA 1.5.11 would support RC4-HMAC, is that wrong?
    Even more confusing:
    If I remove the "Use DES encryption types for this account" switch for the two accounts and configure my JAVA client program to prompt for a password, a ticket is obtained using the RC4-HMAC encryption type 23 (sun.security.krb5.internal.crypto.ArcFourHmacEType). But using the ticket from the cache again does not work.
    I'd appreciate any comments on that since I'm totally confused by now and have no idea on how to get this SSO thing working correctly in JAVA.
    Cheers
    P.S.:
    I just wanted to mention that adding
    default_tkt_enctypes = rc4-hmac
    default_tgs_enctypes = rc4-hmacto my krb5.ini has no effect on the desribed behaviour
    Message was edited by:
    sherazade

    Ok,
    perhaps I should have looked around the forum a little bit more in-depth...
    Setting the AllowTGTSessionKey registry key to 1 solves this issue...
    thanks

  • New Airport Extreme (802.11ac) Support for Encrypted USB Disk

    The old Time Capsule and Airport Extreme apparently did not support a filevault2 encrypted USB disk for storing files like an NAS (not talking about a time machine backup).  Does anyone know whether the newly released Airport or Time Capsule now supports the encrypted disk?

    I do not think that USB encrypted disks are supported...and would be surprised if they were....but will know for sure late tomorrow.
    Will update at that time if no one else has answered before that time.
    The fact that Apple still has a USB 2.0 port on the new AirPort products might be a clue as well.

  • Synology NAS: no NFS support for encrypted folders / alternatives ?

    Dear all,
    I recently bought a Synology DS710+ NAS. It comes with DSM2.3, and I am a bit disappointed to notice that encrypted shared folders cannot be exported using NFS. This is a problem since I need uid/gid and file permissions to be fully preserved, and that it's not the case with CIFS or AFP.
    Why such a limitation ? Can you think about reliable alternatives ?
    Cheers,
    Aurélien.

    Might not be helpful since I know NOTHING about synology devices...
    A friend of mine managed to make his setup with synology sweet and i believe he customized NFS/network shares.
    http://befreely.blogspot.com/2010/04/nas-setup.html
    https://sites.google.com/a/befreely.dyn … x/synology
    Let me know if it helps!
    Last edited by anthonyclark (2010-09-24 01:11:17)

  • IE8 Support for Siebel Analytics 7.8.5

    Hi Experts,
    Currently my company has given me the task to check the issues of IE8 support for Siebel Analytics as they are trying to upgrade IE6 to IE8.
    So I have the following queries:
    1. Will Siebel Analytics 7.8.5 supports IE8?
    2. If not, then is there any patch available for 7.8.5 version to support IE8?
    3. What are the other options there might be?
    Please let me know your inputs.
    Regards
    Sudipta

    Sudipta Gupta wrote:
    Hi Experts,
    Currently my company has given me the task to check the issues of IE8 support for Siebel Analytics as they are trying to upgrade IE6 to IE8.
    So I have the following queries:
    1. Will Siebel Analytics 7.8.5 supports IE8?Yes
    2. If not, then is there any patch available for 7.8.5 version to support IE8?No patch required
    3. What are the other options there might be?You might face some issues with GUI but no any major techical promblem
    Hope this clears your doubt

  • Extended Support For Siebel 7.8 post June 2013

    Hello All,
    Considering siebel 7.8 is retiring this year, what are the support options available post retirement. One of our client wants to replace siebel with another tool and have used very limited support in past from oracle. What do you think is the best solution during this transition phase of switching from Siebel to another tool.
    Basically, I am looking for cost efficient and limited support options.
    Thanks in advance!
    Regards,
    Summity Gupta

    Sudipta Gupta wrote:
    Hi Experts,
    Currently my company has given me the task to check the issues of IE8 support for Siebel Analytics as they are trying to upgrade IE6 to IE8.
    So I have the following queries:
    1. Will Siebel Analytics 7.8.5 supports IE8?Yes
    2. If not, then is there any patch available for 7.8.5 version to support IE8?No patch required
    3. What are the other options there might be?You might face some issues with GUI but no any major techical promblem
    Hope this clears your doubt

  • Siteminder Support for Siebel 8.x

    According to CA Web Site, the Siebel Agent for Siteminder supports 7.8. Siebel 8.x is not mentioned.
    Does anyone know when Siteminder will support Siebel 8?
    Thanks
    Roy Chesnut

    Hi Shweta,
    Thanks for using Oracle Communities. Regarding your query, please refer Pracle Lifetime Support Policy document at below link:
    http://www.oracle.com/us/support/library/lifetime-support-applications-069216.pdf
    As per this document, Premier Support ends for 8.1.1.11 on Nov 2017 and Extended Support ends on Nov 2020.
    There is no separate support policy for HI. HI application will be supported along with Open UI. Hope this helps.
    Thanks & Regards,
    Arpit Jain
    Was our answer helpful?
    If your question has been resolved by a reply would you be so kind to mark the reply as correct or helpful. This will
    help others that may have the same question to easily find a resolution.

  • Is Weblogic 11g supports for Kerberos AES/RC4 Encryption on Windows 2008 R2

    Is Weblogic 11g supports for Kerberos AES/RC4 Encryption on Windows 2008 R2?
    Thanks,

    DES is disabled by default on 2008, could this DC be a Windows 2003?  If so then this would be the expected encyption.
    The following is the list of the encryption available for each Windows system
    Windows 2000,  XP,Windows Server 2003:     
    DES, RC4          
             Vista
    , Windows Server 2008:      DES, RC4,AES          
             Windows 7 and  Windows Server  2008 R2:     DES(disabled by default), RC4,AES
    From:
    http://blogs.msdn.com/b/openspecification/archive/2010/11/17/encryption-type-selection-in-kerberos-exchanges.aspx
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

  • JDBC Thin Driver Support for Data Encryption and Integrity

    Hello JDev Team,
    I am trying to implement JDBC Thin Driver Support for Data Encryption and Integrity.
    It works fine with java.sql.Connection and java.util.Properties like in the following code:
    DriverManager.registerDriver(new oracle.jdbc.driver.OracleDriver());
    Properties props = new Properties();
    int level = AnoServices.REQUIRED;
    props.put("oracle.net.encryption_client", Service.getLevelString(level));
    props.put("oracle.net.encryption_types_client", "( RC4_40 )");
    props.put("oracle.net.crypto_checksum_client",Service.getLevelString(level));
    props.put("oracle.net.crypto_checksum_types_client", "( MD5 )");
    Connection conn = DriverManager.getConnection ("jdbc:oracle:thin:@localhost:1521:main", props);
    etc...
    But I am developing an application with InfoSwing components and it has a different way to connect to Oracle database using oracle.dacf.dataset.connections.Connection, like this:
    sessionInfo1.setAppModuleInfo(new ModuleInfo("bc", "BcModule"));
    sessionInfo1.setConnectionInfo(new LocalConnection("JDBCThin"));
    sessionInfo1.publishSession();
    My question is:
    Is there any way to implement DataEncryption and Integrity into this type of connection?
    Thanks a lot in advance.
    Victor Bykov
    null

    Victor,
    No, you can't do this from DAC, but I've been discussing it with the developer, and we both think this capability would be useful to have, so I've logged it as an enhancement request.
    I do have a question for you. Once you've made the JDBC connection, do you need access to the Connection object afterwards? We're thinking of how the change could be implemented, and one way would be to allow you to pass in a Properties object when creating your own NamedConnection.
    Thanks
    Blaise

Maybe you are looking for

  • My ipod shuffle is not harging. It blinks orange 3 times then stops when I install it

    My ipod shuffle is not charging. It blinks orange 3 times then stops when I install it.

  • SGA_LOCK

    Hello, We use Oracle9i Enterprise Edition Release 9.2.0.4.0 - 64bit Production on Solaris 8 2/02 s28s_u7wos_08a Generic_112953-02 on a SunFire 15k. To achieve better performance, we want to lock Oracle memory in OS RAM. This is normaly done using LOC

  • Error Message on MyBT

    Hi, I'm a new BT user - we're having our BT Infinity activated tomorrow - but ever since I registered with MyBT (a week ago!), I have been unable to view anything or do anything on my account. When I log in, I am taken to my account homepage, but the

  • HT201272 How do i re download past audibook purchases?

    Hi, I recently mistakenly deleted more than $400 dollars worth of audiobooks, which I haven't even read/ heard yet, from my ipad and when I tried to redownload them it's telling me I have to buy it again. If there is any way I could redownload those

  • Share library with two Macs

    I am using an iPhoto Libary from different accounts (on one Mac). I can alter anything from each account and the changes have the same effect with the other account. The only restriction is that iPhoto will open with one account at the time. I am loo