Ubuntu

Please add AES/3DES/RC4 support for gss_krb5

Reported by Timo Aaltonen on 2010-04-19
28
This bug affects 4 people
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Wishlist
Unassigned
Lucid
Wishlist
Unassigned
nfs-utils (Ubuntu)
Wishlist
Unassigned
Lucid
Wishlist
Unassigned

Bug Description

Upstream has recently released code to support more encryption types in the linux NFS code:

kernel (queued for 2.6.35):
http://marc.info/?l=linux-nfs&m=127126664005440&w=2

nfs-utils (already in upstream git, will get in 1.2.3):
http://marc.info/?l=linux-nfs&m=127127273415295&w=2

I've briefly tested them on lucid, and at least RC4 seems to work fine (samba3 doesn't support AES/3DES, so can't try those without patching samba). The kernel patches apply on top of 2.6.32 without any conflicts, 2.6.31 needs 14ace024b1e. There was one hunk that failed on nfs-utils 1.2.0, but I tested the patches with 1.2.2-1 from Debian.

I'm hoping that this could be accepted as an SRU, because DES is obsolete and insecure, and I believe sites like our university are migrating away from insecure NFSv3 to NFSv4 & krb5 at an increasing rate.

Timo Aaltonen (tjaalton) on 2010-04-19
Changed in linux (Ubuntu):
importance: Undecided → Wishlist
Changed in nfs-utils (Ubuntu):
importance: Undecided → Wishlist
Timo Aaltonen (tjaalton) wrote :

This is fixed in maverick, leaving the lucid task open.

Changed in linux (Ubuntu):
status: New → Fix Released
Changed in nfs-utils (Ubuntu):
status: New → Fix Released
Timo Aaltonen (tjaalton) wrote :

I recognize this is not happening for lucid, and that people could try the backported kernels if needed..

Changed in linux (Ubuntu Lucid):
status: New → Won't Fix
Timo Aaltonen (tjaalton) wrote :

..and a backported nfs-utils

Changed in nfs-utils (Ubuntu Lucid):
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers