2010/3/8 Lukas Hejtmanek <xhejtman@xxxxxxxxxxx>: > On Mon, Mar 08, 2010 at 08:44:07AM -0500, Kevin Coffman wrote: >> I don't know how much testing has been done with nfs-utils and krb5 >> 1.8. Debian is usually the first to hit (and correct) any problems. >> Is there a later kerberos release you could try? The final version of >> krb5 1.8 was released last week. > > looks like some error check has been removed since nfs-utils 1.2.0. rpc.gssd > from nfs-utils 1.2.0 complains with: > > Mar 8 16:28:20 anubis rpc.gssd[1982]: rpcsec_gss: gss_init_sec_context: > (major) Unspecified GSS failure. Minor code may provide more information > - (minor) No supported encryption types (config file error?) > > rpc.gssd from 1.2.2 segfaults. Are you aware that DES is disabled by default with krb5 1.8? See http://www.mit.edu/~kerberos/krb5-1.8/ So you probably need to add "allow_weak_crypto = true" to your /etc/krb5.conf file. (I believe MIT added an API to allow this programmatically, but I haven't been following closely enough.) That doesn't excuse the segfault in 1.2.2 though. K.C. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
