[35901] in Kerberos
Re: Transferring NFSv4 nfs/ keys from KDC to client?
daemon@ATHENA.MIT.EDU (Wendy Lin)
Thu Mar 20 17:39:05 2014
MIME-Version: 1.0
In-Reply-To: <1395325405.26633.49.camel@willson.li.ssimo.org>
Date: Thu, 20 Mar 2014 22:38:53 +0100
Message-ID: <CA+j=ERow1xhoCMU8oh7Hp8R2DpCBbHJZvDMsMLkbysG5SFcwzw@mail.gmail.com>
From: Wendy Lin <wendlin1974@gmail.com>
To: Simo Sorce <simo@redhat.com>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="koi8-r"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 20 March 2014 15:23, Simo Sorce <simo@redhat.com> wrote:
> On Thu, 2014-03-20 at 14:48 +0100, ольга крыжановская wrote:
>> Can any one confirm, or deny, that using only
>>
>> permitted_enctypes = "des-cbc-crc"
>>
>> will work around the problem?
>
> In older kernels the only encryption algorithm supported for NFS is DES,
> this is a well known limitation.
>
>> How can I create such a "des-cbc-crc"
>> key, if I do not have them yet?
>
> You can get a new set of key for the principal using ktadd and passing
> it -e des-cbc-crc as an option. This will create only a des key for the
> principal and the KDC will us no other encryption algorithms when
> releasing tickets for the principal to other clients.
It does not work:
ktadd -e des-cbc-crc testuser
ktadd: Invalid argument while parsing keysalts des
Help?
Wendy
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
