[Andreas B. Mundt]
For kerberized NFSv4 on squeeze 6.0.4 you need:
[libdefaults]
permitted_enctypes = des-cbc-crc
allow_weak_crypto = true
This setting broke Kerberos authentication using pam_sss. I found
lines like this in the server kdc.log:
Jan 31 15:26:42
On 01/31/2012 07:41 PM, Petter Reinholdtsen wrote:
[Andreas B. Mundt]
For kerberized NFSv4 on squeeze 6.0.4 you need:
[libdefaults]
permitted_enctypes = des-cbc-crc
allow_weak_crypto = true
This setting broke Kerberos authentication using pam_sss. I found
lines like
Luk Claes l...@debian.org writes:
The allow_weak_crypto = true alone should be enough to get the weak (cbc
ones) to work again AFAIK. Though unless one has old clients that don't
work with stronger encryption it's better to make sure there is a better
encryption method used for the nfs server
On 01/31/2012 02:10 PM, Russ Allbery wrote:
I personally have never used Kerberized NFS (we're an AFS site), so I'm
not really the one to comment on what enctypes NFS requires. I don't
track NFS development at all. But if NFS is no longer limited to DES,
it's very likely that it now supports
Daniel Kahn Gillmor d...@fifthhorseman.net writes:
Recent versions of the nfs userland (1.2.5 and up, i think) rely on
getting a report from the kernel about what enctypes the kernel
supports.
I think that data is usually reported by the kernel in
/proc/fs/nfsd/supported_krb5_enctypes,
Package: nfs-kernel-server
Version: 1:1.2.2-4squeeze2
Severity: important
Hi,
after upgrading today to the 6.0.4 point release, kerberized NFSv4 mounting
ceased to work.
I assume this is related to the upgrade mentioned in the point release
anouncement:
nfs-utils Allow
6 matches
Mail list logo