https://community.netapp.com/t5/ONTAP-Discussions/Nfs-kerberos-encryption-types/m-p/134382#M29413 <P>Hello,</P><P>I am testing our clustered ontap with a nfs/krb5 client from Centos7. To our older ontap 7 filers we used arcfour encryption. Is there anyone who knows what has changed in ontap 9.2 ?</P><P>Is AES256 the only one supported and has anyone have a nfs/krb5 system that is working ?</P><P>&nbsp;</P><P>Greetings, Richard.</P> Wed, 04 Jun 2025 14:37:23 GMT rsmits1074 2025-06-04T14:37:23Z https://community.netapp.com/t5/ONTAP-Discussions/Nfs-kerberos-encryption-types/m-p/134382#M29413 <P>Hello,</P><P>I am testing our clustered ontap with a nfs/krb5 client from Centos7. To our older ontap 7 filers we used arcfour encryption. Is there anyone who knows what has changed in ontap 9.2 ?</P><P>Is AES256 the only one supported and has anyone have a nfs/krb5 system that is working ?</P><P>&nbsp;</P><P>Greetings, Richard.</P> Wed, 04 Jun 2025 14:37:23 GMT https://community.netapp.com/t5/ONTAP-Discussions/Nfs-kerberos-encryption-types/m-p/134382#M29413 rsmits1074 2025-06-04T14:37:23Z https://community.netapp.com/t5/ONTAP-Discussions/Nfs-kerberos-encryption-types/m-p/134406#M29416 <P>Following Kerberos 5 are supported:</P><DIV class="body conbody"><UL><LI>Kerberos 5 authentication with integrity checking (krb5i)<P class="p">Krb5i uses checksums to verify the integrity of each NFS message transferred between client and server. This is useful both for security reasons, for example to ensure that data has not been tampered with, and data integrity reasons, for example to prevent data corruption when using NFS over unreliable networks.</P></LI><LI>Kerberos 5 authentication with privacy checking (krb5p)<P class="p">Krb5p uses checksums to encrypt all the traffic between client and the server. This is more secure and also incurs more load.</P></LI><LI>128-bit and 256-bit AES encryption<P class="p">Advanced Encryption Standard (AES) is an encryption algorithm for securing electronic data. Data ONTAP now supports AES with 128-bit keys (AES-128) and AES with 256-bit keys (AES-256) encryption for Kerberos for stronger security.</P></LI><LI><SPAN class="ph">SVM</SPAN>-level Kerberos realm configurations<P class="p"><SPAN class="ph">SVM</SPAN><SPAN>&nbsp;</SPAN>administrators can now create Kerberos realm configurations at the<SPAN>&nbsp;</SPAN><SPAN class="ph">SVM</SPAN><SPAN>&nbsp;</SPAN>level. This means that<SPAN>&nbsp;</SPAN><SPAN class="ph">SVM</SPAN><SPAN>&nbsp;</SPAN>administrators no longer have to rely on the cluster administrator for Kerberos realm configuration and can create individual Kerberos realm configurations in a multi-tenancy environment.</P></LI></UL></DIV><DIV class="related-links"><DIV class="familylinks"><DIV class="parentlink"><STRONG>Parent topic:</STRONG><SPAN>&nbsp;</SPAN><A title="You can use Kerberos to provide strong authentication between SVMs and NFS clients to provide secure NFS communication. Configuring NFS with Kerberos increases the integrity and security of NFS client communications with the storage system." href="http://docs.netapp.com/ontap-9/topic/com.netapp.doc.cdot-famg-nfs/GUID-3ECE9551-A805-460B-86EC-EBCC14422528.html" target="_blank">Using Kerberos with NFS for strong security</A></DIV><DIV class="parentlink">Reference&nbsp;<A href="http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-nfs%2FGUID-F5F91EE8-7080-4820-9D6D-958E115189D4.html" target="_blank">http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-nfs%2FGUID-F5F91EE8-7080-4820-9D6D-958E115189D4.html</A></DIV></DIV></DIV> Tue, 12 Sep 2017 04:56:08 GMT https://community.netapp.com/t5/ONTAP-Discussions/Nfs-kerberos-encryption-types/m-p/134406#M29416 Sahana 2017-09-12T04:56:08Z