Hi Jostein
On Sun, Mar 16, 2025 at 02:53:14PM +0100, Jostein Fossheim wrote:
> Package: nfs-kernel-server
> Version: 1:2.6.2-4+deb12u1
>
> Other relevant packages: gssproxy (0.9.1-1+b1), we have tested both with
> rpc.svcgssd and gssproxy with seemingly similar results.
>
>
> I am struggling in our lab to understand why my kerberized nfs-servers
> running debian is not able to handle aes256-cts-hmac-sha384-192 /
> aes128-cts-hmac-sha256-128 encryption.
>
> We configured a freeIPA-enrolled Debian server, and configure our shares in a
> similar way as on our Red Hat (RockyLinux) servers, and all clients got
> access denied, while trying to mount the relevant shares.
>
> After some investigation we saw the following we saw the following message in
> the logs:
> |
>
> ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context():
> GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more
> information) - Encryption type aes256-cts-hmac-sha384-192 not permitted
>
> The default keytabs provided via freeipa enrollment are the following (we add
> the nfs-service-keytab manually)
>
> |
>
> |
>
> klist -e -k /etc/krb5.keytab
>
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
> 1 host/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes256-cts-hmac-sha384-192)
> 1 host/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes128-cts-hmac-sha256-128)
> 1 host/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes256-cts-hmac-sha1-96)
> 1 host/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes128-cts-hmac-sha1-96)
> 1 nfs/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes256-cts-hmac-sha384-192)
> 1 nfs/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes128-cts-hmac-sha256-128)||
> 1 nfs/basic-nas.lab.skyfritt....@lab.skyfritt.net (aes256-cts-hmac-sha1-96)
> 1 nfs/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes128-cts-hmac-sha1-96)|
>
>
> So we tried to remove the "nfs/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes256-cts-hmac-sha384-192)"-keytab and tested again,
> then we saw aes128-sha2 erros in the logs, only after we removed the
> "nfs/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes128-cts-hmac-sha256-128)" as well
> our clients where able to mount their shares. So the following server-keytabs
> are ok:
>
> |
>
> klist -e -k /etc/krb5.keytab
>
> Keytab name: FILE:/etc/krb5.keytab
> KVNO Principal
> ----
> --------------------------------------------------------------------------
> 1 host/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes256-cts-hmac-sha384-192)
> 1 host/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes128-cts-hmac-sha256-128)
> 1 host/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes256-cts-hmac-sha1-96)
> 1 host/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes128-cts-hmac-sha1-96)
> 1 nfs/basic-nas.lab.skyfritt....@lab.skyfritt.net (aes256-cts-hmac-sha1-96)
> 1 nfs/basic-nas.lab.skyfritt....@lab.skyfritt.net
> (aes128-cts-hmac-sha1-96)|
>
>
> Having all the standard keytabs seems to be unproblematic on the client side.
>
> We have tried to install gssproxy as well on our servers, but the same access
> denied messages are occurring but the log-messages are more dubious
> when we use the encryption-/hashing-schemas in question. We have experimented
> quite a bit, and cannot understand why Debian nfs-servies should not be able
> to accept
> aes256-cts-hmac-sha384-192 and aes128-cts-hmac-sha256-128 tickets which our
> Red Hat / Rocky Servers are.
>
> Setting things like:
>
> permitted_enctypes =
> aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
> default_tkt_enctypes =
> aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
> default_tgs_enctypes =
> aes256-cts-hmac-sha384-192,aes128-cts-hmac-sha256-128,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
>
> Seems to have no effect.
I think this is not a nfs-utils issue itself but we have not enabled
CONFIG_RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2 in the kernel for Debian
(only available with a40cf7530d31 ("SUNRPC: Add gk5e definitions for
RFC 8009 encryption types") in 6.3-rc1 onwards):
config RPCSEC_GSS_KRB5_ENCTYPES_AES_SHA2
bool "Enable Kerberos enctypes based on AES and SHA-2"
depends on RPCSEC_GSS_KRB5
depends on CRYPTO_CBC && CRYPTO_CTS
depends on CRYPTO_HMAC && CRYPTO_SHA256 && CRYPTO_SHA512
depends on CRYPTO_AES
default n
help
Choose Y to enable the use of Kerberos 5 encryption types
that utilize Advanced Encryption Standard (AES) ciphers and
SHA-2 digests. These include aes128-cts-hmac-sha256-128 and
aes256-cts-hmac-sha384-192.
Can you please confirm by doing a kernel build e.g. with version
available in bookworm-backports, which would be recent enough with
this enabled make your setup work?
For you though I think the following might be relevant to help making
setups with "old" kernel work, would be great if you can confirm that
as well:
https://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=9b1f860a3457328a08395651d029a454e0303454
Note that though this only landed in nfs-utils-2-7-1-rc5 and you have
it not available in nfs-utils in Debian bookworm.
But that said the situation in Bookworm might not be optimal for
kerberized NFS setups.
Regards,
Salvatore
