mirror of
https://github.com/samba-team/samba.git
synced 2024-12-29 11:21:54 +03:00
71d80e6be0
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org> |
||
|---|---|---|
| .. | ||
| ads_ldap_protos.h | ||
| ads_proto.h | ||
| ads_status.c | ||
| ads_status.h | ||
| ads_struct.c | ||
| ads_utils.c | ||
| authdata.c | ||
| cldap.c | ||
| cldap.h | ||
| disp_sec.c | ||
| dns.c | ||
| dns.h | ||
| kerberos_keytab.c | ||
| kerberos_proto.h | ||
| kerberos_util.c | ||
| kerberos_verify.c | ||
| kerberos.c | ||
| krb5_errs.c | ||
| krb5_setpw.c | ||
| ldap_printer.c | ||
| ldap_schema.c | ||
| ldap_schema.h | ||
| ldap_user.c | ||
| ldap_utils.c | ||
| ldap.c | ||
| ndr.c | ||
| sasl_wrapping.c | ||
| sasl.c | ||
| sitename_cache.c | ||
| sitename_cache.h | ||
| util.c | ||