Transferring NFSv4 nfs/ keys from KDC to client?

Simo Sorce simo at redhat.com
Thu Mar 20 10:23:25 EDT 2014


On Thu, 2014-03-20 at 14:48 +0100, ольга крыжановская wrote:
> Can any one confirm, or deny, that using only
> 
> permitted_enctypes = "des-cbc-crc"
> 
> will work around the problem?

In older kernels the only encryption algorithm supported for NFS is DES,
this is a well known limitation.

>  How can I create such a "des-cbc-crc"
> key, if I do not have them yet?

You can get a new set of key for the principal using ktadd and passing
it -e des-cbc-crc as an option. This will create only a des key for the
principal and the KDC will us no other encryption algorithms when
releasing tickets for the principal to other clients.

HTH,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the Kerberos mailing list