On Mon, 25 Mar 2024, Chuck Lever III wrote: > > > > On Mar 25, 2024, at 2:34 AM, jaganmohan kanakala <jaganmohan.kanakala@xxxxxxxxx> wrote: > > > > Hi Chuck, > > > > Following up with my earlier email, I've noted from the following commit that the support for SHA 256/384 has now been added to Linux NFS. > > https://github.com/torvalds/linux/commit/a40cf7530d3104793f9361e69e84ada7960724f2 > > > > The commit message says that the implementation was in 'beta' at the time of the commit. Is the implementation still in the 'beta' stage? > > "Beta" was used simply to mean that the code did not have > significant test or deployment experience. So far there > have been only a few bugs, all known to be fixed at the > moment. > > > > I have an NFS client where I'm trying to support SHA 256 for Krb5. How can I verify my implementation with the Linux NFS server? > > You will need a Linux distribution whose user space > Kerberos libraries support AES_SHA2 enctypes, and of > course a recent kernel. Scott, anything else? Does the > KDC need to handle these enctypes too? It depends on whether both the NFS client and the NFS server support the enctype negotiation extension (RFC 4537). If they do, then the KDC doesn't need to be able to handle those enctypes. -Scott > > -- Chuck Lever > >