[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1100641: Kerberized NFSv4-servers unable to accept: aes256-cts-hmac-sha384-192 or aes128-cts-hmac-sha256-128 encryption.



Hi Salvatore

On 2025-03-16 16:52, Salvatore Bonaccorso wrote:
Hi Jostein

On Sun, Mar 16, 2025 at 02:53:14PM +0100, Jostein Fossheim wrote:
Package: nfs-kernel-server
Version: 1:2.6.2-4+deb12u1

Other relevant packages: gssproxy (0.9.1-1+b1), we have tested both with rpc.svcgssd and gssproxy with seemingly similar results.


I am struggling in our lab to understand why my kerberized nfs-servers running debian is not able to handle aes256-cts-hmac-sha384-192 / aes128-cts-hmac-sha256-128 encryption.

We configured a freeIPA-enrolled Debian server, and configure our shares in a similar way as on our Red Hat (RockyLinux) servers, and all clients got access denied, while trying to mount the relevant shares.

After some investigation we saw the following we saw the following message in the logs: 	

ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure.  Minor code may provide more information) - Encryption type aes256-cts-hmac-sha384-192 not permitted

The default keytabs provided via freeipa enrollment are the following (we add the nfs-service-keytab manually)



klist -e -k /etc/krb5.keytab

Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha384-192)
   1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha256-128)
   1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha1-96)
   1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha1-96)
   1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha384-192)
   1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha256-128)
   1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha1-96)
   1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha1-96)


So we tried to remove the "nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha384-192)"-keytab and tested again,
then we saw aes128-sha2 erros in the logs, only after we removed the "nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha256-128)" as well
our clients where able to mount their shares. So the following server-keytabs are ok:

|

klist -e -k /etc/krb5.keytab

Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha384-192)
   1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha256-128)
   1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha1-96)
   1 host/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha1-96)
   1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes256-cts-hmac-sha1-96)
   1 nfs/basic-nas.lab.skyfritt.net@LAB.SKYFRITT.NET (aes128-cts-hmac-sha1-96)


Having all the standard keytabs seems to be unproblematic on the client side.

We have tried to install gssproxy as well on our servers, but the same access denied messages are occurring but the log-messages are more dubious
when we use the encryption-/hashing-schemas in question. We have experimented quite a bit, and cannot understand why Debian nfs-servies should not be able to accept
aes256-cts-hmac-sha384-192 and aes128-cts-hmac-sha256-128 tickets which our Red Hat / Rocky Servers are.

Setting things like:

permitted_enctypes = aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96

Seems to have no effect.

I think this is not a nfs-utils issue itself but we have not enabled
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2 in the kernel for Debian
(only available with a40cf7530d31 ("SUNRPC: Add gk5e definitions for
RFC 8009 encryption types") in 6.3-rc1 onwards):

config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2
        bool "Enable Kerberos enctypes based on AES and SHA-2"
        depends on RPCSEC_GSS_KRB5
        depends on CRYPTO_CBC && CRYPTO_CTS
        depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512
        depends on CRYPTO_AES
        default n
        help
          Choose Y to enable the use of Kerberos 5 encryption types
          that utilize Advanced Encryption Standard (AES) ciphers and
          SHA-2 digests. These include aes128-cts-hmac-sha256-128 and
          aes256-cts-hmac-sha384-192.

Can you please confirm by doing a kernel build e.g. with version
available in bookworm-backports, which would be recent enough with
this enabled make your setup work?

For you though I think the following might be relevant to help making
setups with "old" kernel work, would be great if you can confirm that
as well:

https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=9b1f860a3457328a08395651d029a454e0303454

Note that though this only landed in nfs-utils-2-7-1-rc5 and you have
it not available in nfs-utils in Debian bookworm.

But that said the situation in Bookworm might not be optimal for
kerberized NFS setups. 

Regards,
Salvatore

Thank you for you're response, I am pleased that there seems to be a logical answer to this problem.

I can do whatever tests you want me to, we are studying the situation in a lab-environment and setup the servers via Ansible-playbooks and zfs-snapshotting, so my next plan was to test with Trixie. Is the encryption types included in the default kernel there?

I will try allowed-enctypes on our clients as explained in the commit from the link, and try a custom-kernel build as suggested.

I will report back as soon as possible, probably on Monday.

-- 
Vennlig Hilsen

Jostein Fossheim

Reply to: