Transferring NFSv4 nfs/ keys from KDC to client?

ольга крыжановская olga.kryzhanovska at gmail.com
Thu Mar 20 09:48:38 EDT 2014 

Can any one confirm, or deny, that using only

permitted_enctypes = "des-cbc-crc"

will work around the problem? How can I create such a "des-cbc-crc"
key, if I do not have them yet?

Olga

On Thu, Mar 20, 2014 at 1:44 PM, steve <steve at steve-ss.com> wrote:
> On Thu, 2014-03-20 at 13:05 +0100, Wendy Lin wrote:
>> On 20 March 2014 11:03, steve <steve at steve-ss.com> wrote:
>> > On Thu, 2014-03-20 at 00:52 +0100, Wendy Lin wrote:
>> >>
>> >> I tried permitted_enctypes = "des-cbc-crc des3-cbc-sha1" but this only
>> >> gives me a new kind of (its mocking me?!) error message in
>> >> /var/log/messages on the server:
>> >>
>> >> rpc.svcgssd[6967]: qword_eol: fflush failed: errno 38 (Function not implemented)
>> >>
>> >> Wendy
>> >
>> > Hi again
>> > Looks like it may be fighting a kernel problem. The server needs 2.6.38
>> > or better:
>> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622146
>> > You also need a recent kernel server. What do you have on 11.3?
>>
>> Linux test1 2.6.34.10-0.6-desktop #1 SMP PREEMPT 2011-12-13 18:27:38
>> +0100 x86_64 x86_64 x86_64 GNU/Linux
>>
>> There are kernels-of-the-day builds from Suse, but 11.3 is so old that
>> I do not know where they put this stuff to.
>>
>> > With 13.1, we're using arcfour-hmac-md5 throughout the mount process. Is
>> > there any chance you can upgrade?
>>
>> Doable, but it will take months to migrate. What do not understand is
>> that no one, say Linus or friends, *test* their stuff it it is really
>> interoperable with the rest of the world. It hurts, badly.
>>
>> Wendy
>
> OK. Let's try to get that kernel. We've just posted to the openSUSE
> list. Maybe there's an rpm lying around somewhere. . .
> http://lists.opensuse.org/opensuse/2014-03/msg00511.html
> Steve
>
>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos



-- 
      ,   _                                    _   ,
     { \/`o;====-    Olga Kryzhanovska   -====;o`\/ }
.----'-/`-/     olga.kryzhanovska at gmail.com   \-`\-'----.
 `'-..-| /       http://twitter.com/fleyta     \ |-..-'`
      /\/\     Solaris/BSD//C/C++ programmer   /\/\
      `--`                                      `--`

More information about the Kerberos mailing list