Re: krb5 transition: upgrading to krb5 1.6.1

To: debian-devel@lists.debian.org
Subject: Re: krb5 transition: upgrading to krb5 1.6.1
From: Russ Allbery <rra@debian.org>
Date: Sun, 29 Apr 2007 11:34:59 -0700
Message-id: <[🔎] 878xcb2fn0.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 20070429183210.GA26185@uio.no> (Steinar H. Gunderson's message of "Sun, 29 Apr 2007 20:32:10 +0200")
References: <[🔎] tslveffnjni.fsf@mit.edu> <[🔎] 20070429183210.GA26185@uio.no>

Steinar H Gunderson <sgunderson@bigfoot.com> writes:

> Reading the bug log, it looks like the "proper" configuration in this
> case is deleting all the nfs/servername@REALM encryption types except
> des-cbc-crc. Is this correct?

Correct.  In general, you never want to have Kerberos keys in your KDC for
a service principal for enctypes that that service doesn't support.

> When playing with NFSv4 for the first time, I ran into rather obscure
> bugs _if_ you only left des-cbc-crc. However, I guess that has fixed
> itself by now...

I hope so.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: krb5 transition: upgrading to krb5 1.6.1
  - From: Marcus Better <marcus@better.se>

References:
- krb5 transition: upgrading to krb5 1.6.1
  - From: Sam Hartman <hartmans@debian.org>
- Re: krb5 transition: upgrading to krb5 1.6.1
  - From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>

Prev by Date: Re: krb5 transition: upgrading to krb5 1.6.1
Next by Date: Bug#421513: ITP: sphpblog -- web-based blog software without need for a database
Previous by thread: Re: krb5 transition: upgrading to krb5 1.6.1
Next by thread: Re: krb5 transition: upgrading to krb5 1.6.1
Index(es):
- Date
- Thread