Hi. gss_set_allowable_enctypes does correctly set the fields in the krb5_context that should control which enctypes are requested. The problem though is that krb5_get_credentials gets a ticket with session keys outside this restriction. so, something broke in respecting enctype restrictions.
A temporary work around is to make sure that the nfs/server_name key only has des-cbc-crc enctypes. I.E. ktadd -e des-cbc-crc:normal nfs/[EMAIL PROTECTED] You should actually do that anyway because your server does not support other encryption types. But gss_set_allowable_enctypes should work correctly. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]