https://bugzilla.novell.com/show_bug.cgi?id=614293
https://bugzilla.novell.com/show_bug.cgi?id=614293#c48
Neil Brown changed:
What |Removed |Added
----------------------------------------------------------------------------
InfoProvider|mcaj@suse.com |update@mrc-systems.de
--- Comment #48 from Neil Brown 2011-08-17 00:55:29 UTC ---
Thanks for the log...
It looks a bit odd though - I cannot make out why it is doing what it appears
to be doing.
So I've spent a while setting up kerberos and exploring gssd and I have found
another possible approach.
Could you please try adding
default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
to the [libdefaults] section of /etc/krb5.conf, and trying again with the
standard openSUSE-11.4 rpc.gssd?
If that doesn't get you there, add
permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
and see if that helps.
It appears that the problem is really with the server - the libraries
understand the newer encryptiong types but the kernel doesn't. So a client
that uses a newer encryption type results in confusion. The above addition to
krb5.conf tell kerberos to only use the older encryption types and so allow it
to work with an older server.
I don't actually have an 11.1 machine I can play with as a server so I haven't
tried out exactly the combination you have, but making those changes does seem
to change the things that rpc.gssd says to better match what the old rpc.gssd
said.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.