https://bugzilla.novell.com/show_bug.cgi?id=614293
https://bugzilla.novell.com/show_bug.cgi?id=614293#c50
Neil Brown changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |FIXED
--- Comment #50 from Neil Brown 2011-08-18 09:07:54 UTC ---
I suspect it might affect the strength of the crypto used for logins too.
However your security is only as strong as the weakest link, and as your NFS
server does not support anything stronger it will be your weakest link.
DES is theoretically more vulnerable than more recent encodings. How much this
actually increases your exposure is very hard to say.
The safest approach is to upgrade the server so you can drop the limitation.
AES crypto was added in 2.6.35, but server support requires either 2.6.39, or
possibly an earlier kernel with nfs-utils-1.2.5 (which hasn't been release
yet).
As the original bug mention in this bugzilla was fixed, I'll resolve this as
FIXED.
The subsequent bug is really a server bug for which we have a workaround
(default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1) so I won't
pursue that any more.
Thanks for you help in getting to the bottom of this.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.