Sunday, January 24, 2010

Did your Kerberos authenticated NFS mounts all just break?

Here's why. A recent update to the krb5 packages disabled weak ciphers, DES in particular. I'm all for stronger security, but when it breaks my system, I get a bit crabby. I was the dummy here, I saw there message during the update process about possible NFS breakage due to the weak ciphers being disabled. I ignored the messages because I was in a hurry and I figured it would be a two minute fix. An hour and a half later I now have it fixed. Here is a link to the bug report that helped me. The fix is to re-enable the weak ciphers in your /etc/krb5.conf filein the libdefaults section.

allow_weak_crypto = true

No comments:

Post a Comment