Transferring NFSv4 nfs/ keys from KDC to client?
Wendy Lin
wendlin1974 at gmail.com
Thu Mar 20 17:38:53 EDT 2014
On 20 March 2014 15:23, Simo Sorce <simo at redhat.com> wrote:
> On Thu, 2014-03-20 at 14:48 +0100, ольга крыжановская wrote:
>> Can any one confirm, or deny, that using only
>>
>> permitted_enctypes = "des-cbc-crc"
>>
>> will work around the problem?
>
> In older kernels the only encryption algorithm supported for NFS is DES,
> this is a well known limitation.
>
>> How can I create such a "des-cbc-crc"
>> key, if I do not have them yet?
>
> You can get a new set of key for the principal using ktadd and passing
> it -e des-cbc-crc as an option. This will create only a des key for the
> principal and the KDC will us no other encryption algorithms when
> releasing tickets for the principal to other clients.
It does not work:
ktadd -e des-cbc-crc testuser
ktadd: Invalid argument while parsing keysalts des
Help?
Wendy
More information about the Kerberos
mailing list