On Fri, 2013-07-12 at 14:51 +0000, Ondrej Valousek wrote: > Hard to say. > In general, when dealing w/ nfs & kerberos, I would advise to: > ● Upgrade to the latest fedora > ● Make sure idmapper is configured and working fine > ● Limit krb enctypes to 3des-cbc-crc (not sure if your kernel can > handle aes keys).
3des makes little sense, it is the least used enctype. If you want to be backwards compatible with old kernels you'll have to stick with DES (not 3DES) which is utterly insecure these days. Otherwise go straight to AES and don't look back. Support for AES is available since quite a few fedora release and RHEL6 Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users