On 2/29/24 16:52, Scott Mayhew wrote: > A quick solution would be to do this on your NFS server: > > # echo "mac@Kerberos = -HMAC-SHA2-*" >/usr/share/crypto-policies/policies/modules/NFS.pmod > # update-crypto-policies --set DEFAULT:NFS > # systemctl restart gssproxy > > but note that would be turning off the SHA2 enctypes for everything > krb5-related, not just NFS. That has worked well, thank you again! > Or, you could test the patches I sent to the list yesterday (this would > be on the client, not the server). The problem is those patches don't > apply cleanly to the current version of nfs-utils shipped in EL9. That's a bit much for me at the moment. Especially since the above workaround is acceptable to me. -- Orion Poplawski he/him/his - surely the least important thing about me Manager of IT Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion@xxxxxxxx Boulder, CO 80301 https://www.nwra.com/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
