Bug#657802: nfs-kernel-server: NFSv4 kerberos mount stopped working after upgrade to 6.0.4 point release
Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
> Recent versions of the nfs userland (1.2.5 and up, i think) rely on
> getting a report from the kernel about what enctypes the kernel
> supports.
> I think that data is usually reported by the kernel in
> /proc/fs/nfsd/supported_krb5_enctypes, where the enctypes are identified
> by number, like so:
> 18,17,16,23,3,1,2
Translation via grep ' ENCTYPE_' /usr/include/krb5/krb5.h with libkrb5-dev
installed says that is:
ENCTYPE_AES256_CTS_HMAC_SHA1_96
ENCTYPE_AES128_CTS_HMAC_SHA1_96
ENCTYPE_DES3_CBC_SHA1
ENCTYPE_ARCFOUR_HMAC
ENCTYPE_DES_CBC_MD5
ENCTYPE_DES_CBC_CRC
ENCTYPE_DES_CBC_MD4
which is indeed every enctype that you're ever likely to care about. So
just omitting the -e flag would be correct with that set of supported
enctypes.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: