On Sun, Apr 29, 2007 at 02:02:41PM -0400, Sam Hartman wrote: > I'm aware of one issue that impacts nfs-utils. Bug #413838 describe a > problem where if your server has a common misconfiguration the 1.6 > Kerberos libraries on the client will cause mounts to fail. In > particular, the kernel only supports DES encryption for NFS. However, > many servers are keyed as if they support more modern encryption such > as AES. The client tries to request that only DES be used, but this > has been broken in 1.6. So, Kerberos negotiates AES or some other > strong encryption and then the server tries to feed this to the kernel > and fails. This is a bug and MIT will definitely fix it, but I don't > think this should hold up an upload to unstable. There is a work > around: properly configure the server.
Reading the bug log, it looks like the "proper" configuration in this case is deleting all the nfs/[EMAIL PROTECTED] encryption types except des-cbc-crc. Is this correct? When playing with NFSv4 for the first time, I ran into rather obscure bugs _if_ you only left des-cbc-crc. However, I guess that has fixed itself by now... /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
