From: steve <steve@steve-ss.com>
To: tigran.mkrtchyan@desy.de
Cc: linux-nfs@vger.kernel.org
Subject: Re: NFS4 des and weak crypto
Date: Thu, 01 Mar 2012 08:45:05 +0100 [thread overview]
Message-ID: <4F4F2901.4020805@steve-ss.com> (raw)
In-Reply-To: <CAGue13obwkrr4eWAdF0nyQZBhZrh4eSKeAgABV-cGd9cu-0zYA@mail.gmail.com>
On 02/16/2012 11:45 AM, Tigran Mkrtchyan wrote:
> Hi Steve,
>
> On Thu, Feb 16, 2012 at 10:48 AM, steve<steve@steve-ss.com> wrote:
>> Hi
>> openSUSE 12.1
>>
>> On hh6, root issues:
>> mount -t nfs4 hh3:/foo /bar -o sec=krb5
>> rpc.gssd -fvvv throws a fit, the KDC responds with,
>>
>> Kerberos: ENC-TS Pre-authentication succeeded -- HH6$@HH3.SITE using
>> arcfour-hmac-md5
>> Kerberos: TGS-REQ HH6$@HH3.SITE from ipv4:192.168.1.10:45421 for
>> nfs/hh3.hh3.site@HH3.SITE [canonicalize, renewable]
>> Kerberos: TGS-REQ authtime: 2012-02-06T19:44:47 starttime:
>> 2012-02-06T19:44:47 endtime: 2012-02-07T05:44:47 renew till: 20
>>
>> we can logon and request files via the mount.
>>
>> Questions
>> Does this procedure prove that nfs can use other than DES crypto?
> you can check that with wireshark. My screen shot is attached.
>
> Tigran.
>
Hi Tigran
Thanks for the reply. I only seem to get smb packets:
http://2.bp.blogspot.com/-5lxu8-GB44o/T05PfIR-vYI/AAAAAAAAARQ/pfYKQJh1AKM/s1600/w713.png
192.168.1.3 is a nfs, dns and samba server. 192.168.1.12 is a win 7
client. The nfs client at 192.168.1.8 doesn't figure, even though it's
getting files and dns fine from the same server. What am I missing?
Sorry to trouble you.
Steve
next prev parent reply other threads:[~2012-03-01 7:45 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-16 9:48 NFS4 des and weak crypto steve
2012-02-16 14:24 ` Andy Adamson
2012-02-16 16:49 ` Kevin Coffman
[not found] ` <CAGue13obwkrr4eWAdF0nyQZBhZrh4eSKeAgABV-cGd9cu-0zYA@mail.gmail.com>
2012-03-01 7:45 ` steve [this message]
2012-03-01 12:06 ` Tigran Mkrtchyan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4F4F2901.4020805@steve-ss.com \
--to=steve@steve-ss.com \
--cc=linux-nfs@vger.kernel.org \
--cc=tigran.mkrtchyan@desy.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).