[15883] in Kerberos_V5_Development
NFS and subsession key negotiation
daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Jun 8 10:44:07 2010
To: krbdev@mit.edu
Message-Id: <20100608144404.82F9540D1@carter-zimmerman.suchdamage.org>
Date: Tue, 8 Jun 2010 10:44:04 -0400 (EDT)
From: hartmans@mit.edu (Sam Hartman)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
I wonder if etype negotiation could be used to improve the situation
where an nfs server only supports DES but has incorrectly been
configured with additional service keys.
I'm imagining a situation where the enctypes set on the credentials on
the server limited etypes that could be negotiated for the subkey and
possibly end up negotiating an etype weaker than the session key.
--Sam
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev