[35900] in Kerberos
Re: Transferring NFSv4 nfs/ keys from KDC to client?
daemon@ATHENA.MIT.EDU (Simo Sorce)
Thu Mar 20 10:23:49 2014
From: Simo Sorce <simo@redhat.com>
To: =?UTF-8?Q?=D0=BE=D0=BB=D1=8C=D0=B3=D0=B0_?=
=?UTF-8?Q?=D0=BA=D1=80=D1=8B=D0=B6=D0=B0=D0=BD=D0=BE=D0=B2=D1=81=D0=BA?=
=?UTF-8?Q?=D0=B0=D1=8F?= <olga.kryzhanovska@gmail.com>
In-Reply-To: <CA+OH3v17AP+u7hfQmxdVTbWFRQtuFH407S=5h7k9PCyLgRE7-Q@mail.gmail.com>
Date: Thu, 20 Mar 2014 10:23:25 -0400
Message-ID: <1395325405.26633.49.camel@willson.li.ssimo.org>
Mime-Version: 1.0
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Thu, 2014-03-20 at 14:48 +0100, ольга крыжановская wrote:
> Can any one confirm, or deny, that using only
>
> permitted_enctypes = "des-cbc-crc"
>
> will work around the problem?
In older kernels the only encryption algorithm supported for NFS is DES,
this is a well known limitation.
> How can I create such a "des-cbc-crc"
> key, if I do not have them yet?
You can get a new set of key for the principal using ktadd and passing
it -e des-cbc-crc as an option. This will create only a des key for the
principal and the KDC will us no other encryption algorithms when
releasing tickets for the principal to other clients.
HTH,
Simo.
--
Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
