Bug 409101 - fully kerberize nfsv4
Summary: fully kerberize nfsv4
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nfs-utils   
(Show other bugs)
Version: 5.2
Hardware: All Linux
Target Milestone: ---
: ---
Assignee: Steve Dickson
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2007-12-03 18:57 UTC by Kevin Krafthefer
Modified: 2008-12-09 21:09 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-12-09 20:40:42 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Kevin Krafthefer 2007-12-03 18:57:58 UTC
Description of problem:
IPA requires nfsv4 to be kerberized. For details, see Karl Wirth.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Actual results:

Expected results:

Additional info:

Comment 1 Steve Dickson 2007-12-17 12:22:39 UTC
We currently support Kerberos V5 authentication, checksumming and encryption
for NFSv4. What else is expected?

Comment 2 Karl Wirth 2007-12-17 17:04:56 UTC
Does it work with any key or only with DES keys? We need to work with any key.

Comment 3 Steve Dickson 2007-12-17 20:11:36 UTC
No we only support DES. But why do we need to work with any key? 
(Note: not try to be pain just curious as to what other type of keys 
would give us that DES don't).

Comment 4 Nalin Dahyabhai 2007-12-17 23:37:48 UTC
Single-key DES is limited to a 56-bit key, which is relatively easy to
brute-force when compared to other ciphers which Kerberos can use.  (I'm mainly
thinking of AES here, but there are others.)

There's also the deployment problem that having to ensure that only DES keys get
set for NFS services, and going back to double-check if that's forgotten during
initial setup, is a pain.

Comment 5 Tony Fu 2008-10-06 01:47:53 UTC
User krafthef@redhat.com's account has been closed

Note You need to log in before you can comment on or make changes to this bug.