Red Hat Bugzilla – Bug 409101
fully kerberize nfsv4
Last modified: 2008-12-09 16:09:30 EST
Description of problem:
IPA requires nfsv4 to be kerberized. For details, see Karl Wirth.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
We currently support Kerberos V5 authentication, checksumming and encryption
for NFSv4. What else is expected?
Does it work with any key or only with DES keys? We need to work with any key.
No we only support DES. But why do we need to work with any key?
(Note: not try to be pain just curious as to what other type of keys
would give us that DES don't).
Single-key DES is limited to a 56-bit key, which is relatively easy to
brute-force when compared to other ciphers which Kerberos can use. (I'm mainly
thinking of AES here, but there are others.)
There's also the deployment problem that having to ensure that only DES keys get
set for NFS services, and going back to double-check if that's forgotten during
initial setup, is a pain.
User email@example.com's account has been closed