From: Steve Dickson <SteveD@redhat.com>
To: Kevin Coffman <kwc@umich.edu>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH] rpc.gssd: Don't supply the KDC with unsupported encryption types
Date: Tue, 11 Nov 2008 15:05:10 -0500 [thread overview]
Message-ID: <4919E576.6050301@RedHat.com> (raw)
In-Reply-To: <4d569c330811111033p70264b87r2463e8cb68b985e9-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
Kevin Coffman wrote:
> Hi Steve,
>
> This patch shouldn't be necessary.
>
> When you say "registers with the KDC", I assume that you mean gets a
> TGT.
I'm not sure what a TGT is... but what I talking about is the AS-REQ and AS-REP
(output from wireshark):
Kerberos AS-REQ (from rpc.gssd)
Pvno: 5
MSG Type: AS-REQ (10)
KDC_REQ_BODY
Padding: 0
KDCOptions: 40000010 (Forwardable, Renewable OK)
Client Name (Principal): nfs/HOST.DOMAINNAME
Realm: REALM
Server Name (Unknown): krbtgt/REALM
from: 2008-11-11 12:56:53 (UTC)
till: 2008-11-12 12:56:53 (UTC)
Nonce: 1226408213
Encryption Types: aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 des3-cbc-sha1 rc4-hmac des-cbc-crc des-cbc-md5 des-cbc-md4 rsa-sha1-cms rsa-md5-cms des-ede3-cbc-env rc2-cbc-env rsa-env
Kerberos AS-REP (From a linux KDC)
Pvno: 5
MSG Type: AS-REP (11)
padata: PA-ENCTYPE-INFO2
Client Realm: REALM
Client Name (Principal): nfs/HOST.home.DOMAINNAME
Ticket
enc-part des-cbc-crc
So my point is what if the KDC returns something other that 'des-cbc-crc' in the
AS-REP since in the AS-REQ we says we support all those encryption types.
Again this is still all theory since still don't have a functionally
non-linux KDC but I'm working on it...
steved.
next prev parent reply other threads:[~2008-11-11 20:07 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-11-11 16:40 [PATCH] rpc.gssd: Don't supply the KDC with unsupported encryption types Steve Dickson
[not found] ` <4919B57C.6050104-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2008-11-11 18:33 ` Kevin Coffman
[not found] ` <4d569c330811111033p70264b87r2463e8cb68b985e9-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-11-11 20:05 ` Steve Dickson [this message]
[not found] ` <4919E576.6050301-AfCzQyP5zfLQT0dZR+AlfA@public.gmane.org>
2008-11-11 21:01 ` Kevin Coffman
[not found] ` <4d569c330811111301r5948b77rd6125ffc0b950d88-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-11-25 14:50 ` Steve Dickson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4919E576.6050301@RedHat.com \
--to=steved@redhat.com \
--cc=kwc@umich.edu \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox