On Mon, Oct 24, 2011 at 04:26:10PM -0400, Daniel Kahn Gillmor wrote: > On 10/24/2011 03:09 PM, Rob Naccarato wrote: > > > > nfs-common 1:1.2.4-1~bpo60+1 > > ok, that matches my setup. > > >> A useful test might be to *reduce* the number of supported_enctypes to a > >> select one or two, then change the keys for the client and the server > >> (and for any user account using krb5 authentication) and re-try. > > > > So, reduce the list to, say, just aes128-cts:normal? Should I also remove > > the > > allow_weak_crypto option? > > yes, that's what i would try -- it appears to be currently working for > me. Perhaps someone more experienced with krb5 and nfs than i am can > also weigh in with suggestions.
Alright, my kdc.conf contains: supported_enctypes = aes128-cts:normal Both client and server krb5.conf's have allow_weak_crypto commented out. Now I get a different error on the nfs server: Oct 24 17:39:57 blackdog rpc.svcgssd[28694]: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): GSS_S_FAILURE (Unspecified GSS failure. Minor code may provide more information) - No supported encryption types (config file error?) -- To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111024214303.ga28...@naccy.org