On Wed, Apr 14, 2010 at 3:32 PM, Steve Dickson <SteveD@xxxxxxxxxx> wrote:
> On 04/14/2010 02:51 PM, Kevin Coffman wrote:
>>
>> Hi Steve,
>> This surprises me. I believe this would result in DES being used
>> rather than the stronger enctypes. Can you give me more details of
>> the problems you saw?
>
> In limit_krb5_enctypes(), if I did not give gss_set_allowable_enctypes()
> the list of enctypes in an increasing order, creating the krb5 context for
> root would fail. When I gave them in order, root got its context...
>
> I figured it was some type of krb5 lib quirk, since the default enctypes
> are also in increasing order...
>
> steved.

Note that I have seen the DES preferences listed as both 3,1,2 and
1,3,2. The default list in limit_krb5_enctypes() is
[ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4], or 1,3,2.

I suspect there must have been some other issue when you tested?

K.C.