On Thu, 2014-03-20 at 14:48 +0100, ольга крыжановская wrote: > Can any one confirm, or deny, that using only > > permitted_enctypes = "des-cbc-crc" > > will work around the problem?
In older kernels the only encryption algorithm supported for NFS is DES, this is a well known limitation. > How can I create such a "des-cbc-crc" > key, if I do not have them yet? You can get a new set of key for the principal using ktadd and passing it -e des-cbc-crc as an option. This will create only a des key for the principal and the KDC will us no other encryption algorithms when releasing tickets for the principal to other clients. HTH, Simo. -- Simo Sorce * Red Hat, Inc * New York ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos