[cifs-protocol] How to determine if an account should use AES?

Andrew Bartlett abartlet at samba.org
Tue Aug 18 00:00:59 MDT 2009

On Fri, 2009-08-14 at 11:40 -0700, Sebastian Canevari wrote:
> Hi Andrew,
> I've been investigating this and I'm still discussing with the product group what would be the best way to better detail this process.
> As explained in the document, the KDC will rely on the AD property msDS-SupportedEncryptionTypes. 
> Now, if the property is not populated by the server or service, then the KDC will default to RC4 which is the legacy type.

So, the outstanding question is: what would normally populate that

> With respect to the NETLOGON_DOMAIN_INFO, Matthieu is working with Obaid on that section and I believe Obaid is sending him his response shortly.

I have to say, I'm not the wiser from Obaid's answer.   Sorry.

Perhaps you could spell it out a bit more clearly?

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/cifs-protocol/attachments/20090818/bf8e4e6b/attachment.pgp>

More information about the cifs-protocol mailing list