From: Steve Dickson <SteveD@redhat.com>
To: Kevin Coffman <kwc@umich.edu>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH] rpc.gssd: Don't supply the KDC with unsupported encryption types
Date: Tue, 11 Nov 2008 15:05:10 -0500
Message-ID: <4919E576.6050301@RedHat.com>
In-Reply-To: <4d569c330811111033p70264b87r2463e8cb68b985e9-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>



Kevin Coffman wrote:
> Hi Steve,
> 
> This patch shouldn't be necessary.
> 
> When you say "registers with the KDC", I assume that you mean gets a
> TGT.  
I'm not sure what a TGT is... but what I'm talking about is the AS-REQ and AS-REP
(output from wireshark):

Kerberos AS-REQ (from rpc.gssd)
    Pvno: 5
    MSG Type: AS-REQ (10)
    KDC_REQ_BODY
        Padding: 0
        KDCOptions: 40000010 (Forwardable, Renewable OK)
        Client Name (Principal): nfs/HOST.DOMAINNAME
        Realm: REALM
        Server Name (Unknown): krbtgt/REALM
        from: 2008-11-11 12:56:53 (UTC)
        till: 2008-11-12 12:56:53 (UTC)
        Nonce: 1226408213
        Encryption Types: aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 rc4-hmac des-cbc-crc des-cbc-md5 des-cbc-md4 rsa-sha1-cms rsa-md5-cms des-ede3-cbc-env rc2-cbc-env rsa-env

Kerberos AS-REP (From a linux KDC)
    Pvno: 5
    MSG Type: AS-REP (11)
    padata: PA-ENCTYPE-INFO2
    Client Realm: REALM
    Client Name (Principal): nfs/HOST.home.DOMAINNAME 
    Ticket
    enc-part des-cbc-crc

So my point is what if the KDC returns something other than 'des-cbc-crc' in the
AS-REP, since in the AS-REQ we say we support all those encryption types?

Again this is still all theory since I still don't have a functional
non-linux KDC but I'm working on it...

steved.

