author: Garming Sam <garming@catalyst.net.nz> 2017-07-03 12:46:09 +1200
committer: Garming Sam <garming@samba.org> 2017-07-03 03:59:17 +0200
commit: 63a56fe821f2b14142c60d51506e9bdef915038c
tree: 59bc2ca479aa3c781e2b587ceb2258f68d8430ac /WHATSNEW.txt
parent: 5e6b4c4b13ef2bd0aacd5a203eee0e54a16d8ec4
WHATSNEW: Additional hashes introduced with WDigest

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- WHATSNEW.txt 41
1 files changed, 27 insertions, 14 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index dea7b8bcdfa..a50e3314be3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -166,6 +166,18 @@ The reliability of RODCs locating a writable partner still requires some
improvements and so the 'password server' configuration option is generally
recommended on the RODC.
+Additional password hashes stored in supplementalCredentials
+------------------------------------------------------------
+
+A new config option 'password hash userPassword schemes' has been added to
+enable generation of SHA-256 and SHA-512 hashes (without storing the plaintext
+password with reversible encryption). This builds upon previous work to improve
+password sync for the AD DC (originally using GPG).
+
+The user command of 'samba-tool' has been updated in order to be able to
+extract these additional hashes, as well as extracting the (HTTP) WDigest
+hashes that we had also been storing in supplementalCredentials.
+
Query record for open file or directory
---------------------------------------
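Review bot: The new section's first paragraph names 'password hash userPassword schemes' but does not say which values the option accepts or that nothing extra is generated unless it is set, so an administrator cannot tell from the release notes how to turn on the SHA-256 and SHA-512 hashes or whether an upgrade changes what is stored. Please add one sentence giving the accepted scheme names and the default. In the second paragraph, "The user command of 'samba-tool'" should name the actual subcommand and the attribute names used to request the hashes. Since the text says the WDigest hashes "had also been" stored in supplementalCredentials, it is also worth stating explicitly that those are already present on existing DCs and only the extraction is new, because that affects how operators assess what a copy of the directory database exposes.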
@@ -215,20 +227,21 @@ for modern SMB1/2/3 clients.
smb.conf changes
================
- Parameter Name Description Default
- -------------- ----------- -------
- allow unsafe cluster upgrade New parameter no
- auth event notification New parameter no
- auth methods Deprecated
- client max protocol Effective SMB3_11
- default changed
- map untrusted to domain New value/ auto
- Default changed/
- Deprecated
- mit kdc command New parameter
- profile acls Deprecated
- rpc server dynamic port range New parameter 49152-65535
- strict sync Default changed yes
+ Parameter Name Description Default
+ -------------- ----------- -------
+ allow unsafe cluster upgrade New parameter no
+ auth event notification New parameter no
+ auth methods Deprecated
+ client max protocol Effective SMB3_11
+ default changed
+ map untrusted to domain New value/ auto
+ Default changed/
+ Deprecated
+ mit kdc command New parameter
+ profile acls Deprecated
+ rpc server dynamic port range New parameter 49152-65535
+ strict sync Default changed yes
+ password hash userPassword schemes New parameter
KNOWN ISSUES
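Review bot: The added row 'password hash userPassword schemes' is appended after 'strict sync', which breaks the alphabetical ordering the rest of the table follows; it belongs between 'mit kdc command' and 'profile acls'. Its Default column is also left blank, and for an option that controls which password hashes are stored the notes should say explicitly what the default is rather than leave it to be inferred. The re-indentation of every existing row to fit the longer name is unavoidable with this layout, but it makes the one-line addition hard to spot in the diff, so mentioning in the commit message that the other rows are whitespace-only changes would help reviewers.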