On 01/04/2011 11:37 AM, Kevin Coffman wrote:
On Tue, Jan 4, 2011 at 12:27 PM, Orion Poplawski<orion@xxxxxxxxxxxxx> wrote:
I'm trying to get kerberized NFSv4 setup for the first time (have had
non-secure v4 up for a while). Client is Fedora 14, server is CentOS 5.5.
[ ... ]
keytabs on server and client are like:
3 nfs/orca.cora.nwra.com@xxxxxxxxxxxxx (Triple DES cbc mode with
HMAC/sha1)
3 nfs/orca.cora.nwra.com@xxxxxxxxxxxxx (ArcFour with HMAC/md5)
3 nfs/orca.cora.nwra.com@xxxxxxxxxxxxx (DES with HMAC/sha1)
3 nfs/orca.cora.nwra.com@xxxxxxxxxxxxx (DES cbc mode with RSA-MD5)
Any ideas?
Only DES is supported for your server's kernel:
http://www.citi.umich.edu/projects/nfsv4/linux/krb5-setup.html
Indeed, it does work if I limit the keys to DES only
(des-hmac-sha1:normal,des-cbc-md5:normal). Although I had seen at least one
report that using ktadd -e des-cbc-crc:normal was no longer necessary as of 5.2:
http://sadiquepp.blogspot.com/2009/02/how-to-configure-nfsv4-with-kerberos-in.html
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion@xxxxxxxxxxxxx
Boulder, CO 80301 http://www.cora.nwra.com
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
