Bug#622146: nfs-kernel-server: error Encryption type not permitted
"Kramarenko A. Maxim" <email@example.com> writes:
> P.S. But kinit gets the same ticket from KDC? Or kinit does not use the
> kernel and uses the tools of userland-level?
The NFS server, client, and KDC all have to agree on a single encryption
type, and the encryption type of the service ticket issued by the KDC to
the client has to be in an encryption type that the NFS server supports.
> root@debian:~# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: nfs/debian.sag.local@SAG.LOCAL
> Valid starting Expires Service principal
> 11/14/11 22:51:28 11/15/11 08:51:36 krbtgt/SAG.LOCAL@SAG.LOCAL
> renew until 11/15/11 22:51:28
It would be more interesting to run klist -e after attempting to contact
the server, so that you can see what the encryption type of the service
ticket for the NFS server was.
Russ Allbery (firstname.lastname@example.org) <http://www.eyrie.org/~eagle/>