Mailinglist Archive: opensuse-bugs (4069 mails)

< Previous Next >
[Bug 614293] NFS with kerberos identification isn't working

https://bugzilla.novell.com/show_bug.cgi?id=614293

https://bugzilla.novell.com/show_bug.cgi?id=614293#c48


Neil Brown <nfbrown@xxxxxxxxxx> changed:

What |Removed |Added
----------------------------------------------------------------------------
InfoProvider|mcaj@xxxxxxxx |update@xxxxxxxxxxxxxx

--- Comment #48 from Neil Brown <nfbrown@xxxxxxxxxx> 2011-08-17 00:55:29 UTC ---
Thanks for the log...
It looks a bit odd though - I cannot make out why it is doing what it appears
to be doing.

So I've spent a while setting up kerberos and exploring gssd and I have found
another possible approach.

Could you please try adding

default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1

to the [libdefaults] section of /etc/krb5.conf, and trying again with the
standard openSUSE-11.4 rpc.gssd?
If that doesn't get you there, add

permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1

and see if that helps.

It appears that the problem is really with the server - the libraries
understand the newer encryptiong types but the kernel doesn't. So a client
that uses a newer encryption type results in confusion. The above addition to
krb5.conf tell kerberos to only use the older encryption types and so allow it
to work with an older server.
I don't actually have an 11.1 machine I can play with as a server so I haven't
tried out exactly the combination you have, but making those changes does seem
to change the things that rpc.gssd says to better match what the old rpc.gssd
said.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >