On Mon, Aug 01, 2011 at 01:34:34AM -0700, Steve Langasek wrote: > On Tue, Jul 19, 2011 at 05:42:34PM -0400, Sam Hartman wrote: > > I don't have checkouts handy, but my strong suspicion is that if someone > > is now passing in GSS_C_NT_HOSTBASED_SERVICE into gssd_acquire_cred and > > there isn't an argument slot, you can leave it off. > > gss_c_nt_hostbased_service has always been the default for gssd. > > Ok, thanks. I've built packages of nfs-utils and krb5 using the referenced > backported patches, and can confirm that I'm now able to connect > successfully from an nfs-utils 1.2.4 client without having to set > permitted_enctypes on the server. > > I've attached the patches for both packages to this mail. Phil, is it ok > for these to be uploaded to stable-proposed-updates? This fixes a bug that > makes squeeze kerberized NFS servers unusable with newer clients (e.g., > wheezy).
Please go ahead. I really hope that the regression potential is low for existing clients. Let's hope we find it out before the point release. (The change in nfs-utils is streching the guidelines a bit.) Kind regards Philipp Kern
signature.asc
Description: Digital signature
