Please add AES/3DES/RC4 support for gss_krb5
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned | ||
| Lucid |
Won't Fix
|
Wishlist
|
Unassigned | ||
| nfs-utils (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned | ||
| Lucid |
Won't Fix
|
Wishlist
|
Unassigned | ||
Bug Description
Upstream has recently released code to support more encryption types in the linux NFS code:
kernel (queued for 2.6.35):
http://
nfs-utils (already in upstream git, will get in 1.2.3):
http://
I've briefly tested them on lucid, and at least RC4 seems to work fine (samba3 doesn't support AES/3DES, so can't try those without patching samba). The kernel patches apply on top of 2.6.32 without any conflicts, 2.6.31 needs 14ace024b1e. There was one hunk that failed on nfs-utils 1.2.0, but I tested the patches with 1.2.2-1 from Debian.
I'm hoping that this could be accepted as an SRU, because DES is obsolete and insecure, and I believe sites like our university are migrating away from insecure NFSv3 to NFSv4 & krb5 at an increasing rate.
| Changed in linux (Ubuntu): | |
| importance: | Undecided → Wishlist |
| Changed in nfs-utils (Ubuntu): | |
| importance: | Undecided → Wishlist |
| Timo Aaltonen (tjaalton) wrote | #1 |
| Changed in linux (Ubuntu): | |
| status: | New → Fix Released |
| Changed in nfs-utils (Ubuntu): | |
| status: | New → Fix Released |
| Timo Aaltonen (tjaalton) wrote | #2 |
| Changed in linux (Ubuntu Lucid): | |
| status: | New → Won't Fix |
| Timo Aaltonen (tjaalton) wrote | #3 |
| Changed in nfs-utils (Ubuntu Lucid): | |
| status: | New → Won't Fix |
This is fixed in maverick, leaving the lucid task open.