[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#622146: nfs-kernel-server: error Encryption type not permitted

"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:

> root@debian:~# klist -e /tmp/krb5cc_machine_SAG.LOCAL
> Ticket cache: FILE:/tmp/krb5cc_machine_SAG.LOCAL
> Default principal: nfs/debian.sag.local@SAG.LOCAL

> Valid starting     Expires            Service principal
> 11/15/11 11:07:25  11/15/11 21:07:28  krbtgt/SAG.LOCAL@SAG.LOCAL
>         renew until 11/16/11 11:07:25, Etype (skey, tkt): arcfour-hmac,
> arcfour-hmac
> 11/15/11 11:07:28  11/15/11 21:07:28  nfs/archiv.sag.local@SAG.LOCAL
>         renew until 11/16/11 11:07:25, Etype (skey, tkt): arcfour-hmac,
> arcfour-hmac

Okay, well, so much for that theory.  I was hoping that for some reason
you were getting service tickets that weren't arcfour-hmac for some
reason, but you are, so I don't get why they wouldn't match.

> Nov 15 11:07:28 archiv rpc.svcgssd[2089]: ERROR: GSS-API: error in
> handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS
> failure.  Minor code may provide more information) - No supported
> encryption types (config file error?)

The only thing that I can think of at this point is that the underlying
GSS-API implementation behind rpc.svcgssd isn't supporting arcfour-hmac
for some reason.  Maybe you don't have the backported version of
everything and your daemon still only supports DES somehow?

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: