Hallo, falls noch wer in das Problem mit dem nicht funktionierenden kerberos mount bekommt, bei mir hat der Fix von https://www.spinics.net/lists/linux-nfs/msg102724.html geholfen.
# echo "mac@Kerberos = -HMAC-SHA2-*" /usr/share/crypto-policies/policies/modules/NFS.pmod # update-crypto-policies --set DEFAULT:NFS # systemctl restart gssproxy
but note that would be turning off the SHA2 enctypes for everything krb5-related, not just NFS.
auf einem weiteren Post stand: Or, you could test the patches I sent to the list yesterday (this would be on the client, not the server). The problem is those patches don't apply cleanly to the current version of nfs-utils shipped in EL9. At a quick glance, it looks like nfs-utils would need: 49567e7d configure: check for rpc_gss_seccreate 15cd5666 gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user credentials 2bfb59c6 gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials 3abf6b52 gssd: switch to using rpc_gss_seccreate() f05af7d9 gssd: revert commit 513630d720bd 20c07979 gssd: revert commit a5f3b7ccb01c 14ee4878 gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for user credentials 4b272471 gssd: handle KRB5_AP_ERR_BAD_INTEGRITY for machine credentials 75b04a9b gssd: fix handling DNS lookup failure f066f87b gssd: enable forcing cred renewal using the keytab and you'd also need to patch libtirpc to include: 22b1c0c gssapi: fix rpc_gss_seccreate passed in cred Viele Grüße Frank Knoben