Bug 409101
Summary: | fully kerberize nfsv4 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Kevin Krafthefer <krafthef> |
Component: | nfs-utils | Assignee: | Steve Dickson <steved> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | high | ||
Version: | 5.2 | CC: | k.georgiou, kwirth, nalin, riek, tscherf |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-12-09 20:40:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Kevin Krafthefer
2007-12-03 18:57:58 UTC
We currently support Kerberos V5 authentication, checksumming and encryption for NFSv4. What else is expected? Does it work with any key or only with DES keys? We need to work with any key. No we only support DES. But why do we need to work with any key? (Note: not try to be pain just curious as to what other type of keys would give us that DES don't). Single-key DES is limited to a 56-bit key, which is relatively easy to brute-force when compared to other ciphers which Kerberos can use. (I'm mainly thinking of AES here, but there are others.) There's also the deployment problem that having to ensure that only DES keys get set for NFS services, and going back to double-check if that's forgotten during initial setup, is a pain. User krafthef's account has been closed |