[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#657802: nfs-kernel-server: NFSv4 kerberos mount stopped working after upgrade to 6.0.4 point release

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> Recent versions of the nfs userland (1.2.5 and up, i think) rely on
> getting a report from the kernel about what enctypes the kernel
> supports.

> I think that data is usually reported by the kernel in
> /proc/fs/nfsd/supported_krb5_enctypes, where the enctypes are identified
> by number, like so:

>   18,17,16,23,3,1,2

Translation via grep ' ENCTYPE_' /usr/include/krb5/krb5.h with libkrb5-dev
installed says that is:

ENCTYPE_AES256_CTS_HMAC_SHA1_96
ENCTYPE_AES128_CTS_HMAC_SHA1_96
ENCTYPE_DES3_CBC_SHA1
ENCTYPE_ARCFOUR_HMAC
ENCTYPE_DES_CBC_MD5
ENCTYPE_DES_CBC_CRC
ENCTYPE_DES_CBC_MD4

which is indeed every enctype that you're ever likely to care about.  So
just omitting the -e flag would be correct with that set of supported
enctypes.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: