Bug#622146: nfs-common: compatibility between squeeze and sid broken

[Sam Hartman <hartmans@debian.org>]

Hi.
I was missing some context here.

My suspicion is that things will work
if you add
permitted_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
to the configuration of the nfs server

And make sure that the nfs principal on the NFS server has nothing but a
des-cbc-crc key in the KDC database.
That is
kadmin.local: getprinc nfs/machine_name
should only list DES keys.

If you satisfy all of these conditions then I *think* that a sid client
can connect to a squeeze server.

It may also work to make the following config changes on the client:

default_tgs_enctypes = des-cbc-crc

and no config changes on the server.


Clearly, this is all non-ideal.
Once we confirm what's going on, we can look into backporting some fixes
to this issue introduced into MIT Kerberos and nfs-utils.


--Sam