Bug 498317

Summary: RFE: Add support for modern kerberos key types in NFS client and server
Product: Red Hat Enterprise Linux 6
Component: kernel
Version: 6.0
Hardware: All
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: high
Reporter: Simo Sorce <ssorce>
Assignee: Steve Dickson <steved>
QA Contact: Red Hat Kernel QE team <kernel-qe>
CC: arozansk, borgan, branto, dpal, jlayton, jwest, nalin, pasteur, rwheeler, snagar, steved, syeghiay
Target Milestone: beta
Keywords: FutureFeature
Doc Type: Enhancement
Clone Of: 498316
: 583137
Last Closed: 2010-11-11 16:00:44 UTC
Bug Depends On: 498316, 556873
Bug Blocks: 583137
Attachments: Tar file of kernel patches and nfs-utils patches (flags: none)

Description Simo Sorce 2009-04-29 20:26:03 UTC
+++ This bug was initially created as a clone of Bug #498316 +++

Description of problem:

The current in-kernel implementation of the NFS Server and Client can't use any other key types but the DES key type.

DES keys have long been deprecated; all major Kerberos KDC implementations either already disable generation of Kerberos keys by default or are going to.

DES keys are also not considered safe by government agencies' regulations, and probably can't be used without explicit exemptions.

Acceptable key types would be RC4 and AES (probably also DES3).
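
An added example, not part of the original report: a shell check that lists which `nfs/` service principals in a keytab hold only single-DES keys and which already have one of the key types the report names as acceptable (DES3, RC4, AES). It assumes the table layout printed by MIT `klist -ke`; the sample keytab listing, host names and realm are constructed.

```shell
#!/bin/sh
# Added example (not from the bug report): find NFS service principals whose
# keytab entries are all single DES.

# Constructed sample in the layout printed by MIT `klist -ke`.
sample_klist() {
cat <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 nfs/old.example.com@EXAMPLE.COM (des-cbc-crc)
   2 nfs/old.example.com@EXAMPLE.COM (des-cbc-md5)
   3 nfs/new.example.com@EXAMPLE.COM (des-cbc-crc)
   3 nfs/new.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   3 nfs/new.example.com@EXAMPLE.COM (arcfour-hmac)
   1 host/new.example.com@EXAMPLE.COM (des3-cbc-sha1)
EOF
}

# Reads `klist -ke` output on stdin and prints one line per nfs/ principal:
#   DES-ONLY <principal>   every key for it is single DES
#   OK <principal>         at least one DES3, RC4 or AES key is present
audit_nfs_enctypes() {
  awk '
    $1 ~ /^[0-9]+$/ && $2 ~ /^nfs\// {
      etype = $NF
      gsub(/[()]/, "", etype)
      sub(/^DEPRECATED:/, "", etype)        # newer klist marks weak types
      if (!($2 in seen)) { seen[$2] = 1; order[++n] = $2 }
      if (etype !~ /^des-/) strong[$2] = 1  # des3-* does not match "des-"
    }
    END {
      for (i = 1; i <= n; i++) {
        status = (order[i] in strong) ? "OK" : "DES-ONLY"
        print status, order[i]
      }
    }'
}

# Against a real keytab: klist -ke /etc/krb5.keytab | audit_nfs_enctypes
```
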

Comment 1 Simo Sorce 2010-01-12 15:44:55 UTC
Raising priority.

*Please* get this going, it is really important; we can't ship 6.0 without supporting any good encryption. DES is dead and is being removed from all major krb implementations (it is also disabled by default in AD since always).

Comment 3 Dmitri Pal 2010-01-19 17:54:02 UTC
*** Bug 556873 has been marked as a duplicate of this bug. ***

Comment 4 Peter Staubach 2010-03-02 20:09:21 UTC
Created attachment 397405
Tar file of kernel patches and nfs-utils patches

Here is a tar file containing the original patches, those patches
ported to Fedora, a large patch containing all of the smaller
patches, and the nfs-utils patches to rpc.gssd and rpc.svcgssd
which are required.

Comment 10 Aristeu Rozanski 2010-04-20 19:43:23 UTC
Patch(es) available on kernel-2.6.32-22.el6

Comment 11 Aristeu Rozanski 2010-04-20 19:48:59 UTC
Please ignore the patchwork links in my last comment

Comment 14 Steve Dickson 2010-05-25 20:15:01 UTC
*** Bug 583137 has been marked as a duplicate of this bug. ***

Comment 17 releng-rhel@redhat.com 2010-11-11 16:00:44 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.