[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#622146: This is broken for me.

On Mon, Oct 24, 2011 at 04:26:10PM -0400, Daniel Kahn Gillmor wrote:
> On 10/24/2011 03:09 PM, Rob Naccarato wrote:
> > 
> > nfs-common 1:1.2.4-1~bpo60+1
> 
> ok, that matches my setup.
> 
> >> A useful test might be to *reduce* the number of supported_enctypes to a
> >> select one or two, then change the keys for the client and the server
> >> (and for any user account using krb5 authentication) and re-try.
> > 
> > So, reduce the list to, say, just aes128-cts:normal? Should I also remove the
> > allow_weak_crypto option?
> 
> yes, that's what i would try -- it appears to be currently working for
> me.  Perhaps someone more experienced with krb5 and nfs than i am can
> also weigh in with suggestions.

Alright, my kdc.conf contains:

	 supported_enctypes = aes128-cts:normal

Both client and server krb5.conf's have allow_weak_crypto commented out.

Now I get a different error on the nfs server:

Oct 24 17:39:57 blackdog rpc.svcgssd[28694]: ERROR: GSS-API: error in
handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS
failure.  Minor code may provide more information) - No supported encryption
types (config file error?)
Reply to: