"Kramarenko A. Maxim" <mc-si...@ya.ru> writes: >> It would be more interesting to run klist -e after attempting to contact >> the server, so that you can see what the encryption type of the service >> ticket for the NFS server was.
> on client: > root@debian:~# kinit -k nfs/debian.sag.local > root@debian:~# klist -e > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: nfs/debian.sag.local@SAG.LOCAL > Valid starting Expires Service principal > 11/15/11 09:27:22 11/15/11 19:27:30 krbtgt/SAG.LOCAL@SAG.LOCAL > renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac, > arcfour-hmac No, this is the TGT for the client's principal. Rather than running klist -e immediately after obtaining credentials, run kinit and then try to access NFS (so that rpc.gssd will obtain a service ticket for the server) and *then* run klist -e and look at what encryption type the service ticket for nfs/archiv.sag.local@SAG.LOCAL has. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87obwe2ane....@windlord.stanford.edu
