| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | svcgssd: use correct defaults in call to gss_set_allowable_enctypes | Kevin Coffman | 2011-07-21 | 1 | -7/+30 |
| | | | | | | | | | | | | | | | | | | | | For the window of kernels between 2.6.35 (when the support for newer encryption was added) and 2.6.39 (when the ability to read the supported enctypes from the kernel was added), use a default of all enctypes when the kernel supported enctypes file cannot be read. For kernels before 2.6.35, continue to use a default of only DES enctypes. Note that the version of Kerberos must also support the use of gss_set_allowable_enctypes for service-side negotiations. See also: http://bugzilla.redhat.com/show_bug.cgi?id=719776 Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> | ||||
| * | nfs-utils: Add support to svcgssd to limit the negotiated enctypes | Kevin Coffman | 2011-04-06 | 1 | -0/+200 |
| Recent versions of Kerberos libraries negotiate and use an "acceptor subkey". This negotiation does not consider that a service may have limited the encryption keys in its keytab. A patch (http://src.mit.edu/fisheye/changelog/krb5/?cs=24603) has been added to the MIT Kerberos code to allow an application to indicate that it wants to limit the encryption types negotiated. (This functionality has been available on the client/initiator side for a while. The new patch adds this support to the server/acceptor side.) This patch adds support to read a recently added nfsd proc file to determine the encryption types supported by the kernel and calls the function to limit encryption types negotiated for the acceptor subkey. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com> | |||||
 |
index : nfs-utils.git | |
| NFS utils related patches | Simo Sorce |
| summaryrefslogtreecommitdiffstats |