[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#622146: nfs-kernel-server: error Encryption type not permitted

"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:

>> It would be more interesting to run klist -e after attempting to contact
>> the server, so that you can see what the encryption type of the service
>> ticket for the NFS server was.

> on client:

> root@debian:~# kinit -k  nfs/debian.sag.local
> root@debian:~# klist -e
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: nfs/debian.sag.local@SAG.LOCAL

> Valid starting     Expires            Service principal
> 11/15/11 09:27:22  11/15/11 19:27:30  krbtgt/SAG.LOCAL@SAG.LOCAL
>         renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac,
> arcfour-hmac

No, this is the TGT for the client's principal.  Rather than running klist
-e immediately after obtaining credentials, run kinit and then try to
access NFS (so that rpc.gssd will obtain a service ticket for the server)
and *then* run klist -e and look at what encryption type the service
ticket for nfs/archiv.sag.local@SAG.LOCAL has.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: