https://bugzilla.novell.com/show_bug.cgi?id=614293 https://bugzilla.novell.com/show_bug.cgi?id=614293#c50 Neil Brown <nfbrown@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #50 from Neil Brown <nfbrown@novell.com> 2011-08-18 09:07:54 UTC --- I suspect it might affect the strength of the crypto used for logins too. However your security is only as strong as the weakest link, and as your NFS server does not support anything stronger it will be your weakest link. DES is theoretically more vulnerable than more recent encodings. How much this actually increases your exposure is very hard to say. The safest approach is to upgrade the server so you can drop the limitation. AES crypto was added in 2.6.35, but server support requires either 2.6.39, or possibly an earlier kernel with nfs-utils-1.2.5 (which hasn't been release yet). As the original bug mention in this bugzilla was fixed, I'll resolve this as FIXED. The subsequent bug is really a server bug for which we have a workaround (default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1) so I won't pursue that any more. Thanks for you help in getting to the bottom of this. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.