Comment 3 for bug 938581

Lucid kernel doesn't support all the encryption types that the later kernels (like the one from 11.10 or 12.04) support. Because of that, and some bugs/missing code in lucid krb5/nfs-utils packages, NFSv4 server, KDC server, and the client can't agree on the correct encryption type to use when exchanging Kerberos tickets.

Now, it's not really a new issue - even when trying to connect 10.04 client to 10.04 server you had to set allow_weak_crypto, default_tgs_enctypes and default_tkt_enctypes so you could mount "kerberized" NFSv4 shares, but now it appears that it's not enough.

In my case, the workaround was to force des-cbc-crc encryption type on the server by setting "permitted_enctypes = des-cbc-crc" in /etc/krb5.conf, under [libdefaults] section.

I may try backporting fixes mentioned in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622146 to lucid to see if it helps a bit.

I'm gong to leave the bug as affectign nfs-utils for now, and change its importance and status based on what I've found out so far. If I can confirm that patches from the debian bug work (and so that both bugs are actually the same) I'll link the debian bug, add krb5 package, and try talking with developers on preparing an SRU if possible.