[Freeipa-devel] Bug?
Rob Crittenden
rcritten at redhat.com
Mon Jun 24 13:00:05 UTC 2013
Dean Hunter wrote:
> Is this a bug for which I should open a bug report?
>
> # Configure the Network File Server
>
> yum install --assumeyes freeipa-admintools
> Loaded plugins: langpacks, refresh-packagekit
> Package freeipa-admintools-3.2.1-1.fc19.x86_64 already installed and
> latest version
> Nothing to do
>
> echo adminpassword | kinit admin
> Password for admin at HUNTER.ORG <mailto:admin at HUNTER.ORG>
>
> ipa service-add nfs/ipa19.hunter.org
> -----------------------------------------------
> Added service "nfs/ipa19.hunter.org at HUNTER.
> <mailto:ipa19.hunter.org at HUNTER>ORG"
> -----------------------------------------------
> Principal: nfs/ipa19.hunter.org at HUNTER.ORG
> Managed by: ipa19.hunter.org
>
> ipa-getkeytab \\
> --keytab /etc/krb5.keytab \\
> --principal nfs/ipa19.hunter.org \\
> --server ipa19.hunter.org
> Failed to retrieve encryption type Camellia-128 CTS mode with CMAC (#25)
> Failed to retrieve encryption type Camellia-256 CTS mode with CMAC (#26)
>
> kdestroy
Not really. Camellia was enabled by default in 1.11 (it was added back
in 1.9, but disabled by default). IPA does not currently enable the
cipher on the KDC.
So this is the client requesting all enabled ciphers and the server not
returning the Camellia ciphers. It is just a warning.
At best this is an RFE to enable Camellia by default on the KDC.
rob
More information about the Freeipa-devel
mailing list