On Wed, Jun 08, 2011 at 02:10:32PM -0400, Sam Hartman wrote:
> Hi.
> I was missing some context here.
>
> My suspicion is that things will work
> if you add
> permitted_enctypes = des-cbc-crc
> default_tgs_enctypes = des-cbc-crc
> to the configuration of the nfs server
>
> And make sure that the nfs principal on the NFS server has nothing but a
> des-cbc-crc key in the KDC database.
> That is
> kadmin.local: getprinc nfs/machine_name
> should only list DES keys.
Hi Sam,
Thanks for looking into this.
I'd rather not touch anything in the server, since +100 clients are
using it.
> If you satisfy all of these conditions then I *think* that a sid client
> can connect to a squeeze server.
Humm, the server is (right now) lenny in my case.
> It may also work to make the following config changes on the client:
>
> default_tgs_enctypes = des-cbc-crc
>
> and no config changes on the server.
Did that, no luck :-(
I really wonder how I make it work last time...
Now I have (not working):
agi@lib:~$ grep cbc /etc/krb5.conf
permitted_enctypes = des-cbc-crc
default_tgs_enctypes = des-cbc-crc
agi@lib:~$ grep weak /etc/krb5.conf
allow_weak_crypto = yes
And only the des-cbc-crc:normal key on this hosts' keytab.
Regards,
Alberto
--
Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred | http://inittab.com
Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
