On 11/14/2011 01:19 PM, Russ Allbery wrote: > The NFS machinery is going to need to support either arcfour-hmac or > aes128, since Windows never supported 3DES, and you don't want to use > plain DES any more (and it has to be specifically enabled on the Windows > side, if they haven't dropped it entirely now). I'm not sure what > enctypes the kernel-level support currently implements.
You'll need the kernel from squeeze-backports or later to get enctypes
other than des-cbc-crc.
I can attest that 2.6.39-3~bpo60+1 works with aes128-cts with SHA-1
HMAC, as long as you're using the nfs-kernel-server from bpo or later.
I haven't tried it against a win2k8 kdc, though.
--dkg
signature.asc
Description: OpenPGP digital signature
