diff options
author | Uri Simchoni <uri@samba.org> | 2016-08-10 08:38:30 +0300 |
---|---|---|
committer | Uri Simchoni <uri@samba.org> | 2016-11-24 16:31:19 +0100 |
commit | bb7594392f61ee284d1caec6c865e9663a705174 (patch) | |
tree | 97316c41e8965700ccc3c8fff7ef31b32c6afb3c /WHATSNEW.txt | |
parent | a59e547853c67a54e04f7292941d56a4006d2f02 (diff) | |
download | samba-bb7594392f61ee284d1caec6c865e9663a705174.tar.gz |
WHATSNEW: document kerberos encryption types
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Diffstat (limited to 'WHATSNEW.txt')
-rw-r--r-- | WHATSNEW.txt | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 6b96cae2ae2..09f9384c602 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -16,6 +16,21 @@ UPGRADING NEW FEATURES/CHANGES ==================== +kerberos client encryption types +-------------------------------- +Some parts of Samba (most notably winbindd) perform Kerberos client +operations based on a Samba-generated krb5.conf file. A new +parameter, "kerberos encryption types" allows configuring the +encryption types set in this file, thereby allowing the user to +enforce strong or legacy encryption in Kerberos exchanges. + +The default value of "all" is compatible with previous behavior, allowing +all encryption algorithms to be negotiated. Setting the parameter to "strong" +only allows AES-based algorithms to be negotiated. Setting the parameter to +"legacy" allows only RC4-HMAC-MD5 - the legacy algorithm for Active Directory. +This can solves some corner cases of mixed environments with Server 2003R2 and +newer DCs. + REMOVED FEATURES ================ @@ -26,6 +41,7 @@ smb.conf changes Parameter Name Description Default -------------- ----------- ------- + kerberos encryption types New all KNOWN ISSUES |