Date: Sun, 7 Jan 2018 17:56:13 -0500 From: Garrett Wollman <wollman@bimajority.org> To: Rick Macklem <rmacklem@uoguelph.ca> Cc: Benjamin Kaduk <kaduk@mit.edu>, "freebsd-fs\@freebsd.org" <freebsd-fs@freebsd.org> Subject: Re: Anyone managed to build a static gssd? Message-ID: <23122.42381.906072.663073@hergotha.csail.mit.edu> In-Reply-To: <YTOPR0101MB21723D8BB5B9AFFCD051F512DD120@YTOPR0101MB2172.CANPRD01.PROD.OUTLOOK.COM> References: <23121.48634.348216.421634@hergotha.csail.mit.edu> <20180107190802.GD25484@kduck.kaduk.org> <YTOPR0101MB21723D8BB5B9AFFCD051F512DD120@YTOPR0101MB2172.CANPRD01.PROD.OUTLOOK.COM>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Sun, 7 Jan 2018 21:03:01 +0000, Rick Macklem <rmacklem@uoguelph.ca> said: > Also, just fyi, RPCSEC_GSS Version 1 (the only one supported by FreeBSD) > uses good old DES and uses the session key created by the Kerberos > libraries via a TGT or keytab entry for this. > --> As such, your TGT encryption choice must result in a 56/64 bit session key. > (I never went beyond using DES for TGT encryption, but I suspect MIT > doesn't like that idea;-) That's good to know, and suggests that maybe I shouldn't bother with trying this right now. As it happens, I've been working on benchmarking recently, and the performance of NFSv4.1 is downright terrible compared to v3, at least with my particular combination of client and server. Haven't investigated yet where the slowdown is. What would it take to get AES support? -GAWollman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?23122.42381.906072.663073>