[15883] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

NFS and subsession key negotiation

daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Jun 8 10:44:07 2010

To: krbdev@mit.edu
Message-Id: <20100608144404.82F9540D1@carter-zimmerman.suchdamage.org>
Date: Tue,  8 Jun 2010 10:44:04 -0400 (EDT)
From: hartmans@mit.edu (Sam Hartman)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu


I wonder if etype negotiation could be used to improve the situation
where an nfs server only supports DES but has incorrectly been
configured with additional service keys.

I'm imagining a situation where the enctypes set on the credentials on
the server limited etypes that could be negotiated for the subkey and
possibly end up negotiating an etype weaker than the session key.

--Sam
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post