Hi Linux-NFS team, I'm trying to set up the Kerberos5 setup with MIT as the KDC on my RHEL 8 machines. I'm able to get the setup working with Kerberos encryption types where the hash type is SHA1 (aes128-cts-hmac-sha1-96 and aes256-cts-hmac-sha1-96). As SHA1 is kind of obsolete, my goal is to get my setup working for SHA256 hash types (aes128-cts-hmac-sha256-128, aes256-cts-hmac-sha384-192). I tried that. The communication between the Linux client and MIT KDC is aes128-cts-hmac-sha256-128, but the communication between the Linux client and Linux NFS server is only aes256-cts-hmac-sha1-96. When I checked the Linux upstream code I see that there is no support for SHA256 (and above) hash types. https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/net/sunrpc/auth_gss/gss_krb5_mech.c Have I looked at the right source code? Does the latest Linux NFS server has support for kerberos encryption types aes128-cts-hmac-sha256-128, aes256-cts-hmac-sha384-192 ? Can anyone confirm? BR, Jaganmohan K
