subject:"Re\: \[Bug 512110\] \[NEW\] gssd regression, \"Program lacks support for encryption type\""

Re: [Bug 512110] [NEW] gssd regression, "Program lacks support for encryption type"

2010-01-24 Thread Sam Hartman

> "Russ" == Russ Allbery  writes:

Russ> Jochen  writes:
>> After upgrading the krb5 libraries to 1.8 I could not mount my
>> Kerberized NFS4 shares. The following error Message is in the
>> syslog for every mount attempt:

>> rpc.gssd[1298]: rpcsec_gss: gss_init_sec_context: (major)
>> Unspecified GSS failure.  Minor code may provide more information
>> - (minor) Program lacks support for encryption type

>> Switching back to 1.7 fixes this Problem.

Russ> Sounds like NFS v4 doesn't support stronger encryption types
Russ> than DES.  You'll need to add:

Russ> allow_weak_crypto = true

Russ> to the [libdefaults] section of your krb5.conf file.

Right.  I really think this is a gssd bug: the NFS folks have have
multiple years to implement something stronger than DES.  Unlike with
OpenAFS, the protocol has been quite clear; it's purely a matter of
writing code.

The work around Russ suggests is the right user-level fix.  My comments
are more intended to address what the focus should be for the
distributions in terms of fixing this.

We're adding an API to krb5 to fix this for OpenAFS.  Because of the way
the API is constructed, it's very difficult for GSSD to actually call
it.

-- 
gssd regression, "Program lacks support for encryption type"
https://bugs.launchpad.net/bugs/512110
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 512110] [NEW] gssd regression, "Program lacks support for encryption type"

2010-01-24 Thread Russ Allbery

Jochen  writes:

> After upgrading the krb5 libraries to 1.8 I could not mount my
> Kerberized NFS4 shares. The following error Message is in the syslog for
> every mount attempt:

> rpc.gssd[1298]: rpcsec_gss: gss_init_sec_context: (major) Unspecified
> GSS failure.  Minor code may provide more information - (minor) Program
> lacks support for encryption type

> Switching back to 1.7 fixes this Problem.

Sounds like NFS v4 doesn't support stronger encryption types than DES.
You'll need to add:

allow_weak_crypto = true

to the [libdefaults] section of your krb5.conf file.

-- 
Russ Allbery (r...@debian.org)   

-- 
gssd regression, "Program lacks support for encryption type"
https://bugs.launchpad.net/bugs/512110
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 512110] [NEW] gssd regression, "Program lacks support for encryption type"

Re: [Bug 512110] [NEW] gssd regression, "Program lacks support for encryption type"

2 matches

Site Navigation

Mail list logo

Footer information