diff options
author | Isaac Boukris <iboukris@gmail.com> | 2019-11-18 15:00:03 +0100 |
---|---|---|
committer | Isaac Boukris <iboukris@sn-devel-184> | 2019-11-19 16:12:39 +0000 |
commit | d2b5aa16500835471692c8e1fe6cd1584da89785 (patch) | |
tree | 232aaf9a46e6edeb2f6b61c8f59e6232ea07b3d8 | |
parent | 389d1b979b8a4235033a298a56e6c10294a515fe (diff) | |
download | samba-d2b5aa16500835471692c8e1fe6cd1584da89785.tar.gz |
whatsnew: announce removal of DES encryption type in Kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Nov 19 16:12:39 UTC 2019 on sn-devel-184
-rw-r--r-- | WHATSNEW.txt | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 376cd2862f1..f84cfcf7623 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -93,6 +93,26 @@ make changes to the DNS Zone and nudging the 'named' server if a new DC was added to the domain. Administrators using BIND9_FLATFILE will need to maintain this manually from now on. + +Retiring DES encryption types in Kerberos. +------------------------------------------ +With this release, support for DES encryption types has been removed from +Samba, and setting DES_ONLY flag for an account will cause Kerberos +authentication to fail for that account (see RFC-6649). + +Samba-DC: DES keys no longer saved in DB. +----------------------------------------- +When a new password is set for an account, Samba DC will store random keys +in DB instead of DES keys derived from the password. If the account is being +migrated to Windbows or to an older version of Samba in order to use DES keys, +the password must be reset to make it work. + +Heimdal-DC: removal of weak-crypto. +----------------------------------- +Following removal of DES encryption types from Samba, the embedded Heimdal +build has been updated to not compile weak crypto code (HEIM_WEAK_CRYPTO). + + smb.conf changes ================ |