kerberos implementations compatibility
Kevin Coffman
kwc at citi.umich.edu
Tue Mar 20 09:58:14 EDT 2007
On 3/20/07, Guillaume Rousse <Guillaume.Rousse at inria.fr> wrote:
> Hello.
>
> On mandriva, nfs-utils is built with MIT kerberos libraries. I tried to
> setup a gss/krb5 export, using a keytab produced by an heimdal KDC. All
> my attempts to launch rpc.gssd failed with the following error message:
>
> messages.1.gz:Mar 16 12:28:49 etoile rpc.gssd[8086]: rpcsec_gss:
> gss_init_sec_context: (major) Miscellaneous failure - (minor) No
> credentials found with supported encryption types
>
> Despite my principal only had des-cbc-crc keys, with pw-salt as salting
> type ('normal' doesn't exist with heimdal).
>
> As soon as I changed for a MIT KDC, everything was fine. So basically,
> I'm curious about potential incompatibilities between keytab/encryption
> scheme between MIT/Heimdal implementations. I know, this is rather a
> kerberos question than a nfs one :)
> _______________________________________________
Interesting. So you had to use the Heimdal kadmin to create the
keytab, correct? What do you get from 'klist -e -k' on the server?
The salt type _shouldn't_ be a factor here since it should only be
used to translate string-to-key. A packet trace from the client
capturing the packets from it to the KDC and the NFS server would be
helpful also.
K.C.
More information about the NFSv4
mailing list