mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
whatsnew: announce removal of DES encryption type in Kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202 Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Tue Nov 19 16:12:39 UTC 2019 on sn-devel-184
This commit is contained in:
parent
389d1b979b
commit
d2b5aa1650
20
WHATSNEW.txt
20
WHATSNEW.txt
@ -93,6 +93,26 @@ make changes to the DNS Zone and nudging the 'named' server if a new
|
||||
DC was added to the domain. Administrators using BIND9_FLATFILE will
|
||||
need to maintain this manually from now on.
|
||||
|
||||
|
||||
Retiring DES encryption types in Kerberos.
|
||||
------------------------------------------
|
||||
With this release, support for DES encryption types has been removed from
|
||||
Samba, and setting DES_ONLY flag for an account will cause Kerberos
|
||||
authentication to fail for that account (see RFC-6649).
|
||||
|
||||
Samba-DC: DES keys no longer saved in DB.
|
||||
-----------------------------------------
|
||||
When a new password is set for an account, Samba DC will store random keys
|
||||
in DB instead of DES keys derived from the password. If the account is being
|
||||
migrated to Windbows or to an older version of Samba in order to use DES keys,
|
||||
the password must be reset to make it work.
|
||||
|
||||
Heimdal-DC: removal of weak-crypto.
|
||||
-----------------------------------
|
||||
Following removal of DES encryption types from Samba, the embedded Heimdal
|
||||
build has been updated to not compile weak crypto code (HEIM_WEAK_CRYPTO).
|
||||
|
||||
|
||||
smb.conf changes
|
||||
================
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user