On 04/14/2010 03:50 PM, Kevin Coffman wrote: > On Wed, Apr 14, 2010 at 3:32 PM, Steve Dickson <SteveD@xxxxxxxxxx> wrote: >> On 04/14/2010 02:51 PM, Kevin Coffman wrote: >>> >>> Hi Steve, >>> This surprises me. I believe this would result in DES being used >>> rather than the stronger enctypes. Can you give me more details of >>> the problems you saw? >> >> In limit_krb5_enctypes(), if I did not give gss_set_allowable_enctypes() >> the list of enctypes in an increasing order, creating the krb5 context for >> root would fail. When gave them in order root got its context... >> >> I figured it was some type of krb5 lib quirk, since the default enctypes >> are also in increasing order... >> >> steved. > > Note that I have seen the DES preferences listed as both 3,1,2 and 1,3,2. > > The default list in limit_krb5_enctypes() is [ENCTYPE_DES_CBC_CRC, > ENCTYPE_DES_CBC_MD5, ENCTYPE_DES_CBC_MD4], or 1,3,2 > > I suspect there must have been some other issue when you tested? Not that I saw... when I made that kernel change, rebooted, restarted everything, I never saw the problem again... steved. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
