Hi,

I have set up an OpenBSD 7.2 machine running Heimdal 7.7.0 as a Kerberos
server. I then have an NFS Linux server running Arch Linux on another
machine. I then have a FreeBSD NFS client and another Arch Linux NFS
client on other physical hardware (all physical machines on the same LAN).

Without Kerberos, I can mount the NFS share from both FreeBSD and Linux
without any problems, but when I try to mount the NFS share on the
Linux machine, with Kerberos running, i.e. using "sec=krb5" on exports
as well as the mount command, from either the FreeBSD client or the
Linux client, I get the following error in the log on the OpenBSD
Heimdal server:

Oct 29 00:16:54 foo kdc[55215]: Failed to verify AP-REQ: Decrypt
integrity check failed for checksum type hmac-sha1-96-aes256, key type
aes256-cts-hmac-sha1-96

Oct 29 00:16:54 foo kdc[55215]: Failed parsing TGS-REQ from
IPv4:192.168.1.4

Oct 29 00:16:54 foo kdc[55215]: tgs-req: sending error: -1765328353 to client

Oct 29 00:16:54 foo kdc[55215]: sending 81 bytes to IPv4:192.168.1.4

When I list the key types on the OpenBSD machine, I get:

aes256-cts-hmac-sha1-96
des3-cbc-sha1
arcfour-hmac-md5

On FreeBSD I get:

aes256-cts-hmac-sha1-96
des3-cbc-sha1
arcfour-hmac-md5
aes256-cts-hmac-sha1-96

On Linux it's:

aes256-cts-hmac-sha1-96
des3-cbc-sha1
arcfour-hmac

I don't quite understand the error message or whether that is relevant
for the key types:

Decrypt integrity check failed for checksum type hmac-sha1-96-aes256,
key type aes256-cts-hmac-sha1-96

But I don't see "hmac-sha1-96-aes256" listed anywhere.

I have no prior experience using Kerberos and am wondering if anyone on
this list has experience using the Kerberos port on OpenBSD and whether
this problem looks familiar?

Thanks.

Cheers!
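
Added example, not part of the original message: a short Python reading of the KDC log lines quoted above. It turns the numeric error into its RFC 4120 name and checks whether the checksum type in the message is the one RFC 3962 pairs with the reported key type. The function names (decode_error, explain) and the lookup tables are assumptions made for this illustration.

```python
import re

# Base of the krb5 com_err table: library code minus base = RFC 4120 error number.
KRB5_ERROR_BASE = -1765328384

# A few RFC 4120 error numbers seen when a ticket or authenticator is rejected.
KRB_ERRORS = {
    14: "KDC_ERR_ETYPE_NOSUPP",
    31: "KRB_AP_ERR_BAD_INTEGRITY",   # integrity check on decrypted field failed
    37: "KRB_AP_ERR_SKEW",
    41: "KRB_AP_ERR_MODIFIED",
    44: "KRB_AP_ERR_BADKEYVER",
}

# RFC 3962 pairs each AES enctype with one keyed checksum type.
CHECKSUM_FOR_ENCTYPE = {
    "aes128-cts-hmac-sha1-96": "hmac-sha1-96-aes128",
    "aes256-cts-hmac-sha1-96": "hmac-sha1-96-aes256",
}

# The KDC lines from the message above, with the e-mail line wrapping undone.
SAMPLE_LOG = """\
Oct 29 00:16:54 foo kdc[55215]: Failed to verify AP-REQ: Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
Oct 29 00:16:54 foo kdc[55215]: Failed parsing TGS-REQ from IPv4:192.168.1.4
Oct 29 00:16:54 foo kdc[55215]: tgs-req: sending error: -1765328353 to client
Oct 29 00:16:54 foo kdc[55215]: sending 81 bytes to IPv4:192.168.1.4
"""

CKSUM_RE = re.compile(r"checksum type (\S+?), key type (\S+)")
ERROR_RE = re.compile(r"sending error: (-?\d+) to client")

def decode_error(code):
    """Map a krb5 library error code to (RFC 4120 number, name)."""
    number = code - KRB5_ERROR_BASE
    return number, KRB_ERRORS.get(number, "not in this table")

def explain(log_text):
    """Return one tuple per checksum/key-type message and per error sent."""
    findings = []
    for line in log_text.splitlines():
        m = CKSUM_RE.search(line)
        if m:
            cksum, key = m.groups()
            # True when the checksum is the one paired with this key type.
            findings.append(("checksum", cksum, key, CHECKSUM_FOR_ENCTYPE.get(key) == cksum))
        m = ERROR_RE.search(line)
        if m:
            findings.append(("error",) + decode_error(int(m.group(1))))
    return findings

if __name__ == "__main__":
    for finding in explain(SAMPLE_LOG):
        print(finding)
```

The checksum name in the message is the keyed checksum that belongs to the aes256-cts-hmac-sha1-96 key type, which is why it does not appear in a listing of key types.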
