[Freeipa-users] secure NFSv4 failure after IPA server upgrade
Thomas Sailer
t.sailer at alumni.ethz.ch
Wed Nov 16 19:44:09 UTC 2011
On 11/16/2011 08:40 PM, Simo Sorce wrote:
> Are you using DES keys ? In that case you probably need to allow weak
> crypto on both server and client. Note that if all your server/clients
> are FC16 and you have no old ones < FC14 or < RHEL 6 then you do not
> need to force the creation of the nfs/ principal to use only DES keys.
> Simo.
No. I did not use any -e parameter to ipa-getkeytab, so I got
aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, des3-cbc-sha1 and
arcfour-hmac. Also, enctype 18 is AFAIK not weak.
I also tried enabling weak crypto, and to use only des keys, but that
didn't help either.
Tom
More information about the Freeipa-users
mailing list