From: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
To: steve <steve@steve-ss.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: NFS4 des and weak crypto
Date: Thu, 1 Mar 2012 13:06:49 +0100 [thread overview]
Message-ID: <CAGue13qehJdP+nrxFPJsLjk5Jv1CAr00O2NybNOhXSJ2Zu87Tg@mail.gmail.com> (raw)
In-Reply-To: <4F4F2901.4020805@steve-ss.com>
Hi Steve,
you could try to enable capture filter like 'port 2049 and host 192.168.1.8'
to see only nfs traffic.
Tigran.
On Thu, Mar 1, 2012 at 8:45 AM, steve <steve@steve-ss.com> wrote:
> On 02/16/2012 11:45 AM, Tigran Mkrtchyan wrote:
>>
>> Hi Steve,
>>
>> On Thu, Feb 16, 2012 at 10:48 AM, steve<steve@steve-ss.com> wrote:
>>>
>>> Hi
>>> openSUSE 12.1
>>>
>>> On hh6, root issues:
>>> mount -t nfs4 hh3:/foo /bar -o sec=krb5
>>> rpc.gssd -fvvv throws a fit, the KDC responds with,
>>>
>>> Kerberos: ENC-TS Pre-authentication succeeded -- HH6$@HH3.SITE using
>>> arcfour-hmac-md5
>>> Kerberos: TGS-REQ HH6$@HH3.SITE from ipv4:192.168.1.10:45421 for
>>> nfs/hh3.hh3.site@HH3.SITE [canonicalize, renewable]
>>> Kerberos: TGS-REQ authtime: 2012-02-06T19:44:47 starttime:
>>> 2012-02-06T19:44:47 endtime: 2012-02-07T05:44:47 renew till: 20
>>>
>>> we can logon and request files via the mount.
>>>
>>> Questions
>>> Does this procedure prove that nfs can use other than DES crypto?
>>
>> you can check that with wireshark. My screen shot is attached.
>>
>> Tigran.
>>
> Hi Tigran
>
> Thanks for the reply. I only seem to get smb packets:
> http://2.bp.blogspot.com/-5lxu8-GB44o/T05PfIR-vYI/AAAAAAAAARQ/pfYKQJh1AKM/s1600/w713.png
>
> 192.168.1.3 is a nfs, dns and samba server. 192.168.1.12 is a win 7 client.
> The nfs client at 192.168.1.8 doesn't figure, even though it's getting files
> and dns fine from the same server. What am I missing?
>
> Sorry to trouble you.
> Steve
>
prev parent reply other threads:[~2012-03-01 12:06 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-16 9:48 NFS4 des and weak crypto steve
2012-02-16 14:24 ` Andy Adamson
2012-02-16 16:49 ` Kevin Coffman
[not found] ` <CAGue13obwkrr4eWAdF0nyQZBhZrh4eSKeAgABV-cGd9cu-0zYA@mail.gmail.com>
2012-03-01 7:45 ` steve
2012-03-01 12:06 ` Tigran Mkrtchyan [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGue13qehJdP+nrxFPJsLjk5Jv1CAr00O2NybNOhXSJ2Zu87Tg@mail.gmail.com \
--to=tigran.mkrtchyan@desy.de \
--cc=linux-nfs@vger.kernel.org \
--cc=steve@steve-ss.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).