On 08/30/2011 01:25 AM, Luk Claes wrote:
> On 08/30/2011 06:16 AM, Daniel Kahn Gillmor wrote:
>> I concur with Sean Finney that nfs-utils should Build-Depend on
>> libnfsidmap-dev >= 0.24 to ease backporting.
>>
>> I'm hoping to prepare nfs-utils 1.2.4 as a backport for squeeze, and
>> it'd be nice to modify the source package as minimally as possible.
> 
> What features do you need/want from 1.2.4?

the version of nfs-utils in squeeze is only capable of using des-cbc-crc
kerberos tickets.  This is a poor choice for network security.  No one
setting up a modern system should be using plain DES for anything.

from 1:1.2.3-1:

    - Try to use kernel function to determine supported Kerberos
       enctypes (258f10f) (Closes: #474037)

Taking advantage of this appears to require the kernel from
squeeze-backports as well, but i don't think that's an unreasonable
tradeoff (and i have verified that it works with 2.6.39-bpo.2, currently
in squeeze-backports).

        --dkg
