Bug#622146: nfs-kernel-server: error Encryption type not permitted

To: "Kramarenko A. Maxim" <mc-sim85@ya.ru>
Cc: 622146@bugs.debian.org, "Luk Claes" <luk@debian.org>
Subject: Bug#622146: nfs-kernel-server: error Encryption type not permitted
From: Russ Allbery <rra@debian.org>
Date: Mon, 14 Nov 2011 21:54:29 -0800
Message-id: <[🔎] 87obwe2ane.fsf@windlord.stanford.edu>
Reply-to: Russ Allbery <rra@debian.org>, 622146@bugs.debian.org
In-reply-to: <[🔎] op.v4y244dleaxn5m@odmen.sag.local> (Kramarenko A. Maxim's message of "Tue, 15 Nov 2011 09:35:18 +0400")
References: <[🔎] 20111114145704.4829.23854.reportbug@archiv.SAG.local> <[🔎] 4EC13589.6020106@debian.org> <[🔎] op.v4x4sleseaxn5m@odmen.sag.local> <[🔎] 87obwed0tj.fsf@windlord.stanford.edu> <[🔎] op.v4x9p7pgeaxn5m@odmen.sag.local> <[🔎] 8739dqcuwa.fsf@windlord.stanford.edu> <[🔎] op.v4y244dleaxn5m@odmen.sag.local>

"Kramarenko A. Maxim" <mc-sim85@ya.ru> writes:

>> It would be more interesting to run klist -e after attempting to contact
>> the server, so that you can see what the encryption type of the service
>> ticket for the NFS server was.

> on client:

> root@debian:~# kinit -k  nfs/debian.sag.local
> root@debian:~# klist -e
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: nfs/debian.sag.local@SAG.LOCAL

> Valid starting     Expires            Service principal
> 11/15/11 09:27:22  11/15/11 19:27:30  krbtgt/SAG.LOCAL@SAG.LOCAL
>         renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac,
> arcfour-hmac

No, this is the TGT for the client's principal.  Rather than running klist
-e immediately after obtaining credentials, run kinit and then try to
access NFS (so that rpc.gssd will obtain a service ticket for the server)
and *then* run klist -e and look at what encryption type the service
ticket for nfs/archiv.sag.local@SAG.LOCAL has.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: "Kramarenko A. Maxim" <mc-sim85@ya.ru>

References:
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: "Mc.Sim" <mc-sim85@ya.ru>
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: Luk Claes <luk@debian.org>
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: "Kramarenko A. Maxim" <mc-sim85@ya.ru>
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: Russ Allbery <rra@debian.org>
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: "Kramarenko A. Maxim" <mc-sim85@ya.ru>
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: Russ Allbery <rra@debian.org>
- Bug#622146: nfs-kernel-server: error Encryption type not permitted
  - From: "Kramarenko A. Maxim" <mc-sim85@ya.ru>

Prev by Date: Bug#622146: nfs-kernel-server: error Encryption type not permitted
Next by Date: Bug#648388: marked as done (linux-image-3.0.0-1-686-pae: BRCMSMAC causes soft kernel panics)
Previous by thread: Bug#622146: nfs-kernel-server: error Encryption type not permitted
Next by thread: Bug#622146: nfs-kernel-server: error Encryption type not permitted
Index(es):
- Date
- Thread