Problems with kerberos auth - possibly against ADS - since nfs-utils-1.2.3

Linux NFS development
 help / color / mirror / Atom feed

From: NeilBrown <neilb@suse.de>
To: linux-nfs@vger.kernel.org
Subject: Problems with kerberos auth  - possibly against ADS - since nfs-utils-1.2.3
Date: Thu, 4 Aug 2011 09:21:41 +1000	[thread overview]
Message-ID: <20110804092141.3461c9ce@notabene.brown> (raw)

Hi, 
 I have some reports of problems with kerberos auth in openSUSE 11.4 (using
 1.2.3) which can be fixed by using the openSUSE 11.3 version of rpc.gssd
 (from 1.2.1).

https://bugzilla.novell.com/show_bug.cgi?id=614293

 The important difference seems to be the list of enc_types used in
 limit_krb5_enctypes.

 In 1.2.1 this list is hard coded in the rpc.gssd to 1,3,2 (I think).
 In 1.2.3 this list is taken from the kernel where is it hard coded
  to  18,17,16,23,3,1,2.
 When I patch the 11.4 code to use the old enctype list, it works perfectly.

 So presumably it ends up negotiating one of those other enc_types and
 gets confused by it.

 I'll try to get a comparative tcp dump to see if that helps, but
 if anyone has any idea what the problem might be I'd love to hear
 suggestions.

 The systems are running a 2.6.37 kernel in case that might make a difference.

Thanks,
NeilBrown

next             reply	other threads:[~2011-08-03 23:21 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-08-03 23:21 NeilBrown [this message]
2011-08-04  0:51 ` Problems with kerberos auth - possibly against ADS - since nfs-utils-1.2.3 Kevin Coffman
2011-08-04  1:13   ` NeilBrown
2011-08-04  2:57     ` Kevin Coffman
2011-08-11  5:42       ` NeilBrown
2011-08-11 14:06         ` Kevin Coffman
2011-08-18  9:19           ` NeilBrown
2011-08-18 16:43             ` J. Bruce Fields
2011-08-23  0:16               ` NeilBrown
2011-08-23  0:41                 ` Kevin Coffman
2011-08-23 19:48                 ` J. Bruce Fields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110804092141.3461c9ce@notabene.brown \
    --to=neilb@suse.de \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox