On Wed, 2011-11-16 at 20:44 +0100, Thomas Sailer wrote:
> On 11/16/2011 08:40 PM, Simo Sorce wrote:
> > Are you using DES keys ? In that case you probably need to allow weak 
> > crypto on both server and client. Note that if all your server/clients 
> > are FC16 and you have no old ones < FC14 or < RHEL 6 then you do not 
> > need to force the creation of the nfs/ principal to use only DES keys. 
> > Simo. 
> No. I did not use any -e parameter to ipa-getkeytab, so I got 
> aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1 and 
> arcfour-hmac. Also, enctype 18 is AFAIK not weak.
> I also tried enabling weak crypto, and to use only des keys, but that 
> didn't help either.

If you did this on both server and client, then it looks like it is a
nfsd bug, and not a freeipa one.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to