author | Garming Sam <garming@catalyst.net.nz> | 2017-07-03 12:46:09 +1200 |
---|---|---|
committer | Garming Sam <garming@samba.org> | 2017-07-03 03:59:17 +0200 |
commit | 63a56fe821f2b14142c60d51506e9bdef915038c (patch) | |
tree | 59bc2ca479aa3c781e2b587ceb2258f68d8430ac | |
parent | 5e6b4c4b13ef2bd0aacd5a203eee0e54a16d8ec4 (diff) | |
download | samba-63a56fe821f2b14142c60d51506e9bdef915038c.tar.gz |
WHATSNEW: Additional hashes introduced with WDigest
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
-rw-r--r-- | WHATSNEW.txt | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index dea7b8bcdfa..a50e3314be3 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -166,6 +166,18 @@ The reliability of RODCs locating a writable partner still requires some improvements and so the 'password server' configuration option is generally recommended on the RODC. +Additional password hashes stored in supplementalCredentials +------------------------------------------------------------ + +A new config option 'password hash userPassword schemes' has been added to +enable generation of SHA-256 and SHA-512 hashes (without storing the plaintext +password with reversible encryption). This builds upon previous work to improve +password sync for the AD DC (originally using GPG). + +The user command of 'samba-tool' has been updated in order to be able to +extract these additional hashes, as well as extracting the (HTTP) WDigest +hashes that we had also been storing in supplementalCredentials. + Query record for open file or directory --------------------------------------- 
@@ -215,20 +227,21 @@ for modern SMB1/2/3 clients. smb.conf changes ================ - Parameter Name Description Default - -------------- ----------- ------- - allow unsafe cluster upgrade New parameter no - auth event notification New parameter no - auth methods Deprecated - client max protocol Effective SMB3_11 - default changed - map untrusted to domain New value/ auto - Default changed/ - Deprecated - mit kdc command New parameter - profile acls Deprecated - rpc server dynamic port range New parameter 49152-65535 - strict sync Default changed yes + Parameter Name Description Default + -------------- ----------- ------- + allow unsafe cluster upgrade New parameter no + auth event notification New parameter no + auth methods Deprecated + client max protocol Effective SMB3_11 + default changed + map untrusted to domain New value/ auto + Default changed/ + Deprecated + mit kdc command New parameter + profile acls Deprecated + rpc server dynamic port range New parameter 49152-65535 + strict sync Default changed yes + password hash userPassword schemes New parameter KNOWN ISSUES |
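Review bot: In the first hunk (the new "Additional password hashes stored in supplementalCredentials" section), the text never says what values 'password hash userPassword schemes' accepts or what happens when it is left unset, so an administrator cannot act on this note without opening the smb.conf man page. Please add an example value and state the default behaviour. It would also help to say what form the SHA-256 and SHA-512 hashes take (salted or not, and whether rounds are configurable), because "SHA-256 and SHA-512 hashes" on its own can be read as bare digests. The second paragraph should name the 'samba-tool user' subcommand that does the extraction, and the parenthetical "(originally using GPG)" is ambiguous about whether GPG is still needed for the new hashes.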
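Review bot: In the second hunk (the smb.conf changes table), the new row "password hash userPassword schemes New parameter" is appended after "strict sync", but the existing rows are in alphabetical order, so it belongs between "mit kdc command" and "profile acls". Its Default column is also empty; if the option is off unless configured, say so in the table or in the section added by the first hunk. Widening the first column rewrites every row for a one-line addition, which makes the change harder to review and to backport; that is acceptable if the longer name needs the width, but it deserves a mention in the commit message.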