NFS and subsession key negotiation

Sam Hartman hartmans at MIT.EDU
Tue Jun 8 10:44:04 EDT 2010

I wonder if etype negotiation could be used to improve the situation
where an nfs server only supports DES but has incorrectly been
configured with additional service keys.

I'm imagining a situation where the enctypes set on the credentials on
the server limited etypes that could be negotiated for the subkey and
possibly end up negotiating an etype weaker than the session key.


More information about the krbdev mailing list