[31623] in Kerberos
stronger ciphers support for NFS on RHEL5 (Secure NFS under Red Hat
daemon@ATHENA.MIT.EDU (Mikhail T.)
Wed Oct 28 17:54:47 2009
Message-ID: <4AE8B8BD.8000306@aldan.algebra.com>
Date: Wed, 28 Oct 2009 17:33:49 -0400
From: "Mikhail T." <mi+thun@aldan.algebra.com>
MIME-Version: 1.0
To: kerberos@mit.edu, kwc@citi.umich.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello!
The message at
http://mailman.mit.edu/pipermail/kerberos/2008-March/013398.html
warns about using anything but des-cbc-crc for NFS-access on Linux, but
ends with:
RHEL 5 has MIT 1.6, so the problem shouldn't exist there.
I'm currently struggling to make the KRB5-secured NFS-mounts work
between RHEL-5.4 client and a Solaris-8 server. The mounts succeed:
apdevl:/krbexport on /mnt type nfs (rw,intr,sec=krb5,addr=x.x.x.x)
but any attempt to access the mounted share (/mnt) is denied. All such
attempts also result in the following messages logged by rpc.gssd on the
client:
WARNING: Failed to create krb5 context for user with uid 18039 for
server apdevl.dev.pathfinder.com
Am I right thinking, the problem is due to des-cbc-crc being disabled
realm-wide here? (The DES cipher is deemed too insecure by the network
admins.) Should I still have this problem -- despite running RHEL-5.4?
Any chance, support for stronger ciphers was added to Linux NFS-clients
since RHEL-5.4 was released?
Thanks a lot! Yours,
-mi
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
