Re: [PATCH] rpc.gssd: Don't supply the KDC with unsupported encryption types

Kevin Coffman wrote:
> Hi Steve,
> 
> This patch shouldn't be necessary.
> 
> When you say "registers with the KDC", I assume that you mean gets a
> TGT.  
I'm not sure what a TGT is... but what I'm talking about is the AS-REQ and AS-REP
(output from wireshark):

Kerberos AS-REQ (from rpc.gssd)
    Pvno: 5
    MSG Type: AS-REQ (10)
    KDC_REQ_BODY
        Padding: 0
        KDCOptions: 40000010 (Forwardable, Renewable OK)
        Client Name (Principal): nfs/HOST.DOMAINNAME
        Realm: REALM
        Server Name (Unknown): krbtgt/REALM
        from: 2008-11-11 12:56:53 (UTC)
        till: 2008-11-12 12:56:53 (UTC)
        Nonce: 1226408213
        Encryption Types: aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 rc4-hmac des-cbc-crc des-cbc-md5 des-cbc-md4 rsa-sha1-cms rsa-md5-cms des-ede3-cbc-env rc2-cbc-env rsa-env

Kerberos AS-REP (From a linux KDC)
    Pvno: 5
    MSG Type: AS-REP (11)
    padata: PA-ENCTYPE-INFO2
    Client Realm: REALM
    Client Name (Principal): nfs/HOST.home.DOMAINNAME 
    Ticket
    enc-part des-cbc-crc

So my point is what if the KDC returns something other than 'des-cbc-crc' in the
AS-REP since in the AS-REQ we say we support all those encryption types.

Again this is still all theory since I still don't have a functional
non-linux KDC but I'm working on it...

steved.
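
The mismatch raised in this message can be checked against a capture. The following Python is an added example, not part of the original message or of rpc.gssd: it parses Wireshark text dissections like the two above, lists the encryption types the AS-REQ advertises beyond what the client can use, and reports whether the type in the AS-REP is usable. `ASSUMED_SUPPORTED` and the function names are assumptions made for illustration; the message does not state which types are supported.

```python
import re

# Constructed sample input: the two dissections from the message, abbreviated.
AS_REQ = """\
Kerberos AS-REQ (from rpc.gssd)
    MSG Type: AS-REQ (10)
        Encryption Types: aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 rc4-hmac des-cbc-crc des-cbc-md5 des-cbc-md4 rsa-sha1-cms rsa-md5-cms des-ede3-cbc-env rc2-cbc-env rsa-env
"""
AS_REP = """\
Kerberos AS-REP (From a linux KDC)
    MSG Type: AS-REP (11)
    enc-part des-cbc-crc
"""

# Assumption: the set of types the consumer of the ticket can handle.
ASSUMED_SUPPORTED = {"des-cbc-crc"}


def requested_etypes(dissection):
    """Return the ordered etype list from an AS-REQ text dissection."""
    m = re.search(r"^\s*Encryption Types:\s*(.+)$", dissection, re.M)
    return m.group(1).split() if m else []


def reply_etype(dissection):
    """Return the etype named on the enc-part line of an AS-REP dissection."""
    m = re.search(r"^\s*enc-part\s+(\S+)", dissection, re.M)
    return m.group(1) if m else None


def audit(as_req, as_rep, supported):
    """Compare what was advertised, what the KDC chose, and what is usable."""
    offered = requested_etypes(as_req)
    chosen = reply_etype(as_rep)
    return {
        "offered": offered,
        "chosen": chosen,
        # Types the KDC is free to pick but the client cannot use.
        "overadvertised": [e for e in offered if e not in supported],
        "chosen_was_offered": chosen in offered,
        "chosen_usable": chosen in supported,
    }


if __name__ == "__main__":
    for key, value in audit(AS_REQ, AS_REP, ASSUMED_SUPPORTED).items():
        print(f"{key}: {value}")
```
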
