"Kramarenko A. Maxim" <[email protected]> writes: >> It would be more interesting to run klist -e after attempting to contact >> the server, so that you can see what the encryption type of the service >> ticket for the NFS server was.
> on client: > root@debian:~# kinit -k nfs/debian.sag.local > root@debian:~# klist -e > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: nfs/[email protected] > Valid starting Expires Service principal > 11/15/11 09:27:22 11/15/11 19:27:30 krbtgt/[email protected] > renew until 11/16/11 09:27:22, Etype (skey, tkt): arcfour-hmac, > arcfour-hmac No, this is the TGT for the client's principal. Rather than running klist -e immediately after obtaining credentials, run kinit and then try to access NFS (so that rpc.gssd will obtain a service ticket for the server) and *then* run klist -e and look at what encryption type the service ticket for nfs/[email protected] has. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
