Re: krb5 transition: upgrading to krb5 1.6.1
Steinar H Gunderson <sgunderson@bigfoot.com> writes:
> Reading the bug log, it looks like the "proper" configuration in this
> case is deleting all the nfs/servername@REALM encryption types except
> des-cbc-crc. Is this correct?
Correct. In general, you never want to have Kerberos keys in your KDC for
a service principal for enctypes that that service doesn't support.
> When playing with NFSv4 for the first time, I ran into rather obscure
> bugs _if_ you only left des-cbc-crc. However, I guess that has fixed
> itself by now...
I hope so.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: