From f813f8a54ae79dd74a99593aeacb252061688807 Mon Sep 17 00:00:00 2001
From: David Mulder <dmulder@suse.com>
Date: Mon, 12 Jul 2021 15:18:04 -0600
Subject: Update WHATSNEW for Certificate Auto Enrollment

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 15 20:03:45 UTC 2021 on sn-devel-184
---
 WHATSNEW.txt | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'WHATSNEW.txt')

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f3db6341e06..fe9eff8ba59 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -16,6 +16,19 @@ UPGRADING
 NEW FEATURES/CHANGES
 ====================
 
+Certificate Auto Enrollment
+---------------------------
+
+Certificate Auto Enrollment allows devices to enroll for certificates from
+Active Directory Certificate Services. It is enabled by Group Policy.
+To enable Certificate Auto Enrollment, Samba's group policy will need to be
+enabled by setting the smb.conf option `apply group policies` to Yes. Samba
+Certificate Auto Enrollment depends on certmonger, the cepces certmonger
+plugin, and sscep. Samba uses sscep to download the CA root chain, then uses
+certmonger paired with cepces to monitor the host certificate templates.
+Certificates are installed in /var/lib/samba/certs and private keys are
+installed in /var/lib/samba/private/certs.
+
 
 REMOVED FEATURES
 ================
-- 
cgit v1.2.1