Kerberos incompatibilities
Kevin Coffman
kwc at citi.umich.edu
Tue Sep 4 13:50:57 EDT 2007
Lukas,
The ultimate problem is that the server's principal
(nfs/cache04.video.muni.cz at ICS.MUNI.CZ) has been created with a
Triple-DES key which is not currently supported on Linux. See
http://www.citi.umich.edu/projects/nfsv4/linux/krb5-setup.html
However, before changing that, It is not entirely clear to me why you
are not seeing this problem in both the stable and unstable cases.
I'd like to figure that out.
Both versions should have the client-side code that attempts to limit
the encryption types negotiated with the server. That is why I was
interested in a packet trace -- "tcpdump -s0 -w /tmp/trace.pcap" -- to
see what the Kerberos request/response packets look like. If you
could send me this output from the (working) stable and the (failing)
unstable client, that might help.
K.C.
More information about the NFSv4
mailing list