Bug#622146: This is broken for me.
On Mon, Oct 24, 2011 at 04:26:10PM -0400, Daniel Kahn Gillmor wrote:
> On 10/24/2011 03:09 PM, Rob Naccarato wrote:
> >
> > nfs-common 1:1.2.4-1~bpo60+1
>
> ok, that matches my setup.
>
> >> A useful test might be to *reduce* the number of supported_enctypes to a
> >> select one or two, then change the keys for the client and the server
> >> (and for any user account using krb5 authentication) and re-try.
> >
> > So, reduce the list to, say, just aes128-cts:normal? Should I also remove the
> > allow_weak_crypto option?
>
> yes, that's what i would try -- it appears to be currently working for
> me. Perhaps someone more experienced with krb5 and nfs than i am can
> also weigh in with suggestions.
Alright, my kdc.conf contains:
supported_enctypes = aes128-cts:normal
Both client and server krb5.conf's have allow_weak_crypto commented out.
Now I get a different error on the nfs server:
Oct 24 17:39:57 blackdog rpc.svcgssd[28694]: ERROR: GSS-API: error in
handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS
failure. Minor code may provide more information) - No supported encryption
types (config file error?)
Reply to: