Hi Linux-NFS team,
I'm trying to set up the Kerberos5 setup with MIT as the KDC on my
RHEL 8 machines.
I'm able to get the setup working with Kerberos encryption types where
the hash type is SHA1 (aes128-cts-hmac-sha1-96 and
aes256-cts-hmac-sha1-96).
As SHA1 is kind of obsolete, my goal is to get my setup working for
SHA256 hash types (aes128-cts-hmac-sha256-128,
aes256-cts-hmac-sha384-192).
I tried that. The communication between the Linux client and MIT KDC
is aes128-cts-hmac-sha256-128, but the communication between the Linux
client and Linux NFS server is only aes256-cts-hmac-sha1-96.
When I checked the Linux upstream code I see that there is no support
for SHA256 (and above) hash types.
https://github.com/torvalds/linux/blob/5bfc75d92efd494db37f5c4c173d3639d4772966/net/sunrpc/auth_gss/gss_krb5_mech.c
Have I looked at the right source code?
Does the latest Linux NFS server has support for kerberos encryption
types aes128-cts-hmac-sha256-128, aes256-cts-hmac-sha384-192 ?
Can anyone confirm?
BR,
Jaganmohan K