Bug#622146: nfs-kernel-server: error Encryption type not permitted
"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:
>> It would be more interesting to run klist -e after attempting to contact
>> the server, so that you can see what the encryption type of the service
>> ticket for the NFS server was.
> on client:
> root@debian:~# kinit -k nfs/debian.sag.local
> root@debian:~# klist -e
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: nfs/debian.sag.local@SAG.LOCAL
> Valid starting Expires Service principal
> 11/15/11 09:27:22 11/15/11 19:27:30 krbtgt/SAG.LOCAL@SAG.LOCAL
> renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac,
> arcfour-hmac
No, this is the TGT for the client's principal. Rather than running klist
-e immediately after obtaining credentials, run kinit and then try to
access NFS (so that rpc.gssd will obtain a service ticket for the server)
and *then* run klist -e and look at what encryption type the service
ticket for nfs/archiv.sag.local@SAG.LOCAL has.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: