From: Scott Mayhew <smayhew@redhat.com>
To: Chuck Lever III <chuck.lever@oracle.com>
Cc: jaganmohan kanakala <jaganmohan.kanakala@gmail.com>,
Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
David Howells <dhowells@redhat.com>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>
Subject: Re: [External] : Re: LINUX NFS support for SHA256 hash types
Date: Thu, 28 Mar 2024 15:42:15 -0400 [thread overview]
Message-ID: <ZgXIF1IzGn8dZGAB@aion> (raw)
In-Reply-To: <DEC63E8F-A254-4A2C-B0CD-74E2256D0990@oracle.com>
On Mon, 25 Mar 2024, Chuck Lever III wrote:
>
>
> > On Mar 25, 2024, at 2:34 AM, jaganmohan kanakala <jaganmohan.kanakala@gmail.com> wrote:
> >
> > Hi Chuck,
> >
> > Following up with my earlier email, I've noted from the following commit that the support for SHA 256/384 has now been added to Linux NFS.
> > https://github.com/torvalds/linux/commit/a40cf7530d3104793f9361e69e84ada7960724f2
> >
> > The commit message says that the implementation was in 'beta' at the time of the commit. Is the implementation still in the 'beta' stage?
>
> "Beta" was used simply to mean that the code did not have
> significant test or deployment experience. So far there
> have been only a few bugs, all known to be fixed at the
> moment.
>
>
> > I have an NFS client where I'm trying to support SHA 256 for Krb5. How can I verify my implementation with the Linux NFS server?
>
> You will need a Linux distribution whose user space
> Kerberos libraries support AES_SHA2 enctypes, and of
> course a recent kernel. Scott, anything else? Does the
> KDC need to handle these enctypes too?
It depends on whether both the NFS client and the NFS server support the
enctype negotiation extension (RFC 4537). If they do, then the KDC
doesn't need to be able to handle those enctypes.
-Scott
>
> -- Chuck Lever
>
>
prev parent reply other threads:[~2024-03-28 19:42 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-28 12:04 LINUX NFS support for SHA256 hash types jaganmohan kanakala
2022-09-29 16:18 ` Chuck Lever III
2022-10-07 9:27 ` jaganmohan kanakala
[not found] ` <CAK6vGw=50xecARE1MHmB73VrQS_OFzSqA5c1JF9AuOmjusUDNg@mail.gmail.com>
2024-03-25 14:33 ` [External] : " Chuck Lever III
2024-03-28 19:42 ` Scott Mayhew [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZgXIF1IzGn8dZGAB@aion \
--to=smayhew@redhat.com \
--cc=chuck.lever@oracle.com \
--cc=dhowells@redhat.com \
--cc=jaganmohan.kanakala@gmail.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.