From owner-freebsd-fs@freebsd.org  Sun Jan  7 22:56:16 2018
Return-Path: <owner-freebsd-fs@freebsd.org>
Delivered-To: freebsd-fs@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D0C29E642C2
 for <freebsd-fs@mailman.ysv.freebsd.org>; Sun,  7 Jan 2018 22:56:16 +0000 (UTC)
 (envelope-from wollman@hergotha.csail.mit.edu)
Received: from hergotha.csail.mit.edu
 (wollman-1-pt.tunnel.tserv4.nyc4.ipv6.he.net [IPv6:2001:470:1f06:ccb::2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 7A5A67D309
 for <freebsd-fs@freebsd.org>; Sun,  7 Jan 2018 22:56:16 +0000 (UTC)
 (envelope-from wollman@hergotha.csail.mit.edu)
Received: from hergotha.csail.mit.edu (localhost [127.0.0.1])
 by hergotha.csail.mit.edu (8.15.2/8.15.2) with ESMTP id w07MuEsQ060132;
 Sun, 7 Jan 2018 17:56:14 -0500 (EST)
 (envelope-from wollman@hergotha.csail.mit.edu)
Received: (from wollman@localhost)
 by hergotha.csail.mit.edu (8.15.2/8.14.4/Submit) id w07MuEF7060131;
 Sun, 7 Jan 2018 17:56:14 -0500 (EST) (envelope-from wollman)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <23122.42381.906072.663073@hergotha.csail.mit.edu>
Date: Sun, 7 Jan 2018 17:56:13 -0500
From: Garrett Wollman <wollman@bimajority.org>
To: Rick Macklem <rmacklem@uoguelph.ca>
Cc: Benjamin Kaduk <kaduk@mit.edu>,
 "freebsd-fs\@freebsd.org" <freebsd-fs@freebsd.org>
Subject: Re: Anyone managed to build a static gssd?
In-Reply-To: <YTOPR0101MB21723D8BB5B9AFFCD051F512DD120@YTOPR0101MB2172.CANPRD01.PROD.OUTLOOK.COM>
References: <23121.48634.348216.421634@hergotha.csail.mit.edu>
 <20180107190802.GD25484@kduck.kaduk.org>
 <YTOPR0101MB21723D8BB5B9AFFCD051F512DD120@YTOPR0101MB2172.CANPRD01.PROD.OUTLOOK.COM>
X-Mailer: VM 8.2.0b under 25.3.1 (amd64-portbld-freebsd10.3)
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2
 (hergotha.csail.mit.edu [127.0.0.1]); Sun, 07 Jan 2018 17:56:14 -0500 (EST)
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,
 HEADER_FROM_DIFFERENT_DOMAINS autolearn=disabled version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 hergotha.csail.mit.edu
X-BeenThere: freebsd-fs@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Filesystems <freebsd-fs.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-fs/>
List-Post: <mailto:freebsd-fs@freebsd.org>
List-Help: <mailto:freebsd-fs-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-fs>,
 <mailto:freebsd-fs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Jan 2018 22:56:16 -0000

<<On Sun, 7 Jan 2018 21:03:01 +0000, Rick Macklem <rmacklem@uoguelph.ca> said:

> Also, just fyi, RPCSEC_GSS Version 1 (the only one supported by FreeBSD)
> uses good old DES and uses the session key created by the Kerberos
> libraries via a TGT or keytab entry for this.
> --> As such, your TGT encryption choice must result in a 56/64 bit session key.
>      (I never went beyond using DES for TGT encryption, but I suspect MIT
>       doesn't like that idea;-)

That's good to know, and suggests that maybe I shouldn't bother with
trying this right now.  As it happens, I've been working on
benchmarking recently, and the performance of NFSv4.1 is downright
terrible compared to v3, at least with my particular combination of
client and server.  Haven't investigated yet where the slowdown is.

What would it take to get AES support?

-GAWollman