In this article I am going to show how we can find the supported encryption types from nfs server.
You need to go to below path to see the supported encryption types :
It will show you the numbers only kindly find the below mapping with encryption types :
18 -- aes256-cts-hmac-sha1-96 17 -- aes128-cts-hmac-sha1-96 16 -- des3-cbc-sha1-kd 23 -- rc4-hmac 3 -- des-cbc-md5 1 -- des-cbc-crc 2 -- des-cbc-md4 Which encryption type your nfs client and servers are using, you can find that from tcpdump or from the kerberos logs when the ticket is getting generated. Showing an example from NFS tcpdump to identify which "Encryption type" we are using. Network File System [Program Version: 4] [V4 Procedure: NULL (0)] GSS Context GSS Context Length: 4 GSS Context: 18000000 [Created in frame: 13] GSS Major Status: 0 GSS Minor Status: 0 GSS Sequence Window: 128 GSS Token: 0000009c60819906092a864886f71201020202006f818930... GSS Token Length: 156 GSS-API Generic Security Service Application Program Interface OID: 1.2.840.113518.104.22.168 (KRB5 - Kerberos 5) krb5_blob: 02006f8189308186a003020105a10302010fa27a3078a003... krb5_tok_id: KRB5_AP_REP (0x0002) Kerberos AP-REP Pvno: 5 MSG Type: AP-REP (15) enc-part aes256-cts-hmac-sha1-96 Encryption type: aes256-cts-hmac-sha1-96 (18) <<<<<<<<< enc-part: 164eac87c8137e058a30c26f87d4020f13b34621b048b9b4... If you are facing issue while doing kerbero mount of nfs share, it's good practice to see whether you are able to mount the share using keytab generated with "all" encryption type instead of any specific one.