Serious Impact of NIST FDCC requirements

Jeremy Allison jra at
Wed Jan 23 18:30:24 GMT 2008

On Wed, Jan 23, 2008 at 12:03:49PM -0500, Loyd Darby wrote:
> New requirements from Congress and the National Institute of standards 
> is forcing us to reconsider our Samba domain because of the encryption 
> requirements and signed communications.
> I have tried to work my way through Kerberos , server signing and all 
> that but even though I am no rookie, it is beyond me.
> Is any one at Samba looking at this?  
> Unless there is some one out there with the smarts to lead a way through 
> this. 
> Pretty much all US federal government agencies will have to abandon 
> Samba and go down that other path.
> The root of all this evil can be found here :

As a DC member we already support krb5 and signed communications,
as well as NTLMv2. As a PDC Samba3 can do NTLMv2 and signed
communications (and sealed RPC) but not krb5, you'd need to
use Samba4 as a PDC (not ready yet) to do krb5.

Samba 3.2 (under preparation) will add IPv6 support.

What are you missing ?


More information about the samba-technical mailing list