GSSAPI on Linux using Windows AD Servers as KDCs - Errors about Keytab Entries

Kevin Coffman kwc at citi.umich.edu
Mon Jan 7 11:38:00 EST 2008


On Jan 7, 2008 11:15 AM, Douglas E. Engert <deengert at anl.gov> wrote:
>
>
> Jason D. McCormick wrote:
> > Douglas E. Engert wrote:
> >
> >> Why are you using DES? All the newer Kerberos can use ArcFour. So try
> >> ktpass witout the crypto option.
> >
> > Do you know if the Linux NFSv4 stuff can use ArcFour?  I've only been
> > able to find (older - circa '06) docs that state the only working type
> > is des-cbc-crc.
>
> Don't know, but a lot of the developers on the nfsv4 at ietf.org list are also
> on the Kerberos list.

The user-land code, which uses Kerberos GSS, can handle all the
enctypes that Kerberos supports.  However, the kernel GSS code is
still limited to only DES.  I'm currently working on fixing that.

K.C.



More information about the Kerberos mailing list