diff options
author | Andrew Bartlett <abartlet@samba.org> | 2019-07-05 07:19:53 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2019-07-05 00:05:15 +0000 |
commit | eb8f74f26d5d8facaaa13419e852aac727ba41a8 (patch) | |
tree | d51d4dc88cc251d62e9dcbc7145076a2186bcce8 /WHATSNEW.txt | |
parent | b3a2508f2ad79e2f1007464da7dbe918933038a0 (diff) | |
download | samba-eb8f74f26d5d8facaaa13419e852aac727ba41a8.tar.gz |
WHATSNEW: entries for gnutls and samba-tool
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 5 00:05:15 UTC 2019 on sn-devel-184
Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- | WHATSNEW.txt | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index cf65bd04ebb..286798cc289 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -87,6 +87,36 @@ Samba's replication code has also been improved to handle replication with the 2012 schema (the core of this replication fix has also been backported to 4.9.11 and will be in a 4.10.x release). +GnuTLS 3.2 required +------------------- + +Samba is making efforts to remove in-tree cryptographic functionality, +and to instead rely on externally maintained libraries. To this end, +Samba has chosen GnuTLS as our standard cryptographic provider. + +Samba now requires GnuTLS 3.2 to be installed (including development +headers at build time) for all configurations, not just the Samba AD +DC. + +NOTE WELL: The use of GnuTLS means that Samba will honour the +system-wide 'FIPS mode' (a reference to the US FIPS-140 cryptographic +standard) and so will not operate in many still common situations if +this system-wide parameter is in effect, as many of our protocols rely +on outdated cryptography. + +A future Samba version will mitigate this to some extent where good +cryptography effectively wraps bad cryptography, but for now that above +applies. + +samba-tool improvements +----------------------- + +A new "samba-tool contact" command has been added to allow the +command-line manipulation of contacts, as used for address book +lookups in LDAP. + +The "samba-tool [user|group|computer|group|contact] edit" command has been +improved to operate more pleasantly on international character sets. 100,000 USER and LARGER Samba AD DOMAINS ======================================== |