On 03/16/2011 09:29 PM, Kevin Coffman wrote: > Recent versions of Kerberos libraries negotiate and use > an "acceptor subkey". This negotiation does not consider > that a service may have limited the encryption keys in its > keytab. A patch (http://src.mit.edu/fisheye/changelog/krb5/?cs=24603) > has been added to the MIT Kerberos code to allow an application > to indicate that it wants to limit the encryption types negotiated. > (This functionality has been available on the client/initiator > side for a while. The new patch adds this support to the > server/acceptor side.) > > This patch adds support to read a recently added nfsd > proc file to determine the encryption types supported by > the kernel and calls the function to limit encryption > types negotiated for the acceptor subkey. > > Signed-off-by: Kevin Coffman <kwc@xxxxxxxxxxxxxx> Committed.. steved. -- To unsubscribe from this list: send the line "unsubscribe linux-nfs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
