From: Kevin Coffman <kwc@citi.umich.edu>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Michael Guntsche <mike@it-loops.com>,
"Dr. J. Bruce Fields" <bfields@fieldses.org>,
"Finney, Sean" <Sean.Finney@sonyericsson.com>,
"vovan@vovan.nl" <vovan@vovan.nl>,
"linux-nfs@vger.kernel.org" <linux-nfs@vger.kernel.org>
Subject: Re: [BUG] sec=krb5 mount problem with nfs-utils 1.2.3 on client side
Date: Fri, 15 Apr 2011 10:21:08 -0400 [thread overview]
Message-ID: <BANLkTinUvdAsikun83=Bx3ssNM=m3zMEdw@mail.gmail.com> (raw)
In-Reply-To: <1302874150.29239.12.camel@lade.trondhjem.org>
On Fri, Apr 15, 2011 at 9:29 AM, Trond Myklebust
<trond.myklebust@fys.uio.no> wrote:
> On Fri, 2011-04-15 at 12:16 +0200, Michael Guntsche wrote:
>> Thank you for the information, but I got it working in the meantime.
>> The main problem still is that the code for some reason tries to use AES
>> although I tried specifying a different enctype in my kerberos config.
>> Nevertheless it should just work with AES as well, so where was the
>> problem?
>> Quite simple....missing kernel support. I enabled AES support but I DID
>> NOT enable CTS support which is of course needed as well. So after
>> compiling the server and client kernels with BOTH AES and CTS support I
>> can no mount the NFS4 export without any issues.
>
> Sigh. We really should not allow that kind of config. It just creates
> confusion.
>
> Kevin, what are the dependencies for the kerberos V module today? Am I
> missing something in the following list?
>
> depends on SUNRPC && CRYPTO
> depends on CRYPTO_MD5 && CRYPTO_DES && CRYPTO_CBC && CRYPTO_CTS
> depends on CRYPTO_ECB && CRYPTO_HMAC && CRYPTO_MD5 &&
> CRYPTO_SHA1
> depends on CRYPTO_AES
>
> Cheers
> Trond
Yeah, I think that stuff got left out of the final patches.
DES3 needs (in addition to the stuff already there for DES) HMAC and SHA1
AES needs SHA1 AES CTS
RC4 needs ECB ARC4 MD5
So I think you are only missing CRYPTO_ARC4.
prev parent reply other threads:[~2011-04-15 14:21 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-14 23:20 [BUG] sec=krb5 mount problem with nfs-utils 1.2.3 on client side Michael Guntsche
2011-04-15 4:02 ` Vladimir Elisseev
2011-04-15 6:01 ` Finney, Sean
2011-04-15 7:15 ` Vladimir Elisseev
2011-04-15 7:29 ` Finney, Sean
2011-04-15 10:16 ` Michael Guntsche
2011-04-15 13:29 ` Trond Myklebust
2011-04-15 13:31 ` Trond Myklebust
2011-04-15 14:21 ` Kevin Coffman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='BANLkTinUvdAsikun83=Bx3ssNM=m3zMEdw@mail.gmail.com' \
--to=kwc@citi.umich.edu \
--cc=Sean.Finney@sonyericsson.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
--cc=mike@it-loops.com \
--cc=trond.myklebust@fys.uio.no \
--cc=vovan@vovan.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).