On 01/31/2012 02:10 PM, Russ Allbery wrote: > I personally have never used Kerberized NFS (we're an AFS site), so I'm > not really the one to comment on what enctypes NFS requires. I don't > track NFS development at all. But if NFS is no longer limited to DES, > it's very likely that it now supports the full range of standard Kerberos > enctypes, in which case the right thing to do is to just leave off the -e > flag completely and let the Kerberos infrastructure use whatever its > default configured enctype list is.
Recent versions of the nfs userland (1.2.5 and up, i think) rely on getting a report from the kernel about what enctypes the kernel supports. I think that data is usually reported by the kernel in /proc/fs/nfsd/supported_krb5_enctypes, where the enctypes are identified by number, like so: 18,17,16,23,3,1,2 note that there has been some talk about moving the location of that file, but i'm not sure whether any decision has been made: http://thread.gmane.org/gmane.linux.nfs/40940 --dkg
signature.asc
Description: OpenPGP digital signature
