NFS Kerberos encryption types

rsmits1074

Hello,

I am testing our clustered ONTAP with an NFS/krb5 client from CentOS 7. To our older ONTAP 7 filers we used arcfour encryption. Is there anyone who knows what has changed in ONTAP 9.2?

Is AES256 the only one supported, and does anyone have an NFS/krb5 system that is working?

Greetings, Richard.

Sahana

The following are supported for Kerberos 5:

  • Kerberos 5 authentication with integrity checking (krb5i)

    Krb5i uses checksums to verify the integrity of each NFS message transferred between client and server. This is useful both for security reasons, for example to ensure that data has not been tampered with, and data integrity reasons, for example to prevent data corruption when using NFS over unreliable networks.

  • Kerberos 5 authentication with privacy checking (krb5p)

    Krb5p uses checksums to encrypt all the traffic between client and the server. This is more secure and also incurs more load.

  • 128-bit and 256-bit AES encryption

    Advanced Encryption Standard (AES) is an encryption algorithm for securing electronic data. Data ONTAP now supports AES with 128-bit keys (AES-128) and AES with 256-bit keys (AES-256) encryption for Kerberos for stronger security.

  • SVM-level Kerberos realm configurations

    SVM administrators can now create Kerberos realm configurations at the SVM level. This means that SVM administrators no longer have to rely on the cluster administrator for Kerberos realm configuration and can create individual Kerberos realm configurations in a multi-tenancy environment.
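
A client-side check for the situation in this thread, added here as an example and not part of either post: it reads the enctype settings in a client's `krb5.conf` and flags any list that names no AES type, as a config carried over from an arcfour-only setup would. The key names are the MIT Kerberos `[libdefaults]` settings; the function names and the sample config are constructed for illustration.

```python
import re

# krb5.conf [libdefaults] keys that restrict encryption types (MIT Kerberos).
KEYS = ("permitted_enctypes", "default_tkt_enctypes", "default_tgs_enctypes")
# MIT Kerberos enctype names and aliases, grouped by family.
FAMILIES = {
    "aes256-cts-hmac-sha1-96": {"aes256"}, "aes256-cts": {"aes256"},
    "aes128-cts-hmac-sha1-96": {"aes128"}, "aes128-cts": {"aes128"},
    "aes": {"aes128", "aes256"},
    "arcfour-hmac": {"rc4"}, "arcfour-hmac-md5": {"rc4"},
    "rc4-hmac": {"rc4"}, "rc4": {"rc4"},
}

def libdefaults_enctypes(conf_text):
    """Return {key: [enctype tokens]} from the [libdefaults] section."""
    section, found = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in KEYS:
                found[key] = re.split(r"[\s,]+", value.lower())
    return found

def audit(conf_text):
    """Per key: 'ok' if an AES type is listed, 'library-default' if the
    list builds on DEFAULT, otherwise 'no-aes'."""
    report = {}
    for key, tokens in libdefaults_enctypes(conf_text).items():
        families = set().union(*(FAMILIES.get(t, {"other"}) for t in tokens))
        if "default" in tokens:
            report[key] = "library-default"
        else:
            report[key] = "ok" if families & {"aes128", "aes256"} else "no-aes"
    return report

# Constructed sample: a client config carried over from an arcfour-only setup.
SAMPLE = """
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tkt_enctypes = arcfour-hmac
    default_tgs_enctypes = arcfour-hmac
    permitted_enctypes = aes256-cts-hmac-sha1-96 arcfour-hmac
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```

A key that is absent from the file does not appear in the report, because the Kerberos library's built-in defaults apply to it.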
