What Kerberos Encryption Types are supported with NAS protocols for ONTAP 9
Applies to
- ONTAP 9
- CIFS
- NFS
Answer
|
DES-CBC-CRC | DES-CBC-MD4 | DES-CBC-MD5 | DES3-CBC-SHA1 | ARCFOUR-HMAC-MD5 | AES128-CTS-HMAC-SHA1-96 | AES256-CTS-HMAC-SHA1-96 |
---|---|---|---|---|---|---|---|
NFS | X | X | X | X | X | X | |
CIFS | X | X | X | X | X | X |
Additional Information
- The table provides information on what encryption types are supported for the NFS GSS service (RPCSEC_GSS) and CIFS Kerberos.
- The different protocols have their own method of interaction with Kerberos services, hence all encryption types are not mutually supported across protocols.
- NetApp recommends using AES when possible
- Can I disable RC4
- What is the impact of setting is-aes-encryption-enabled to TRUE
- Enable or disable AES encryption for Kerberos-based communication