I upgraded krb5-user from the repository, backports, but the error remained the
same:
ARCHIV ~ # dpkg -l | grep -i mit
ii krb5-user 1.9.1+dfsg-3
Basic programs to authenticate using MIT Ke
ii libgssapi-krb5-2 1.9.1+dfsg-
Russ Allbery писал(а) в своём письме Tue, 15 Nov 2011
11:21:05 +0400:
"Kramarenko A. Maxim" writes:
The only thing that I can think of at this point is that the underlying
GSS-API implementation behind rpc.svcgssd isn't supporting arcfour-hmac
for some reason. Maybe you
Russ Allbery писал(а) в своём письме Tue, 15 Nov 2011
09:54:29 +0400:
"Kramarenko A. Maxim" writes:
It would be more interesting to run klist -e after attempting to
contact
the server, so that you can see what the encryption type of the service
ticket for the NFS server
Russ Allbery писал(а) в своём письме Tue, 15 Nov 2011
00:27:01 +0400:
"Kramarenko A. Maxim" writes:
The NFS server, client, and KDC all have to agree on a single encryption
type, and the encryption type of the service ticket issued by the KDC to
the client has to be in an encry
Daniel Kahn Gillmor писал(а) в своём письме Mon,
14 Nov 2011 23:05:36 +0400:
On 11/14/2011 01:19 PM, Russ Allbery wrote:
You'll need the kernel from squeeze-backports or later to get enctypes
other than des-cbc-crc.
I can attest that 2.6.39-3~bpo60+1 works with aes128-cts with SHA-1
HMAC,
Russ Allbery писал(а) в своём письме Mon, 14 Nov 2011
22:19:04 +0400:
I don't know what's going on with the NFS portion of this, since I don't
use NFS at all, but I can tell you a few things about the Kerberos end.
For a Windows 2008r2 Active Directory domain controller, the only
enctypes
Luk Claes писал(а) в своём письме Mon, 14 Nov 2011
19:36:41 +0400:
On 11/14/2011 04:57 PM, Mc.Sim wrote:
Why would that work without changing anything in your Kerberos keytabs?
keytab contains both types of encryption. (example below in the text)
Nov 14 18:39:20 archiv rpc.svcgssd[4812]
7 matches
Mail list logo
