Testing patch to enable AES in Samba3 Kerberos

Andrew Bartlett abartlet at samba.org
Wed Jul 15 16:38:10 MDT 2009

I've been testing interop with Samba3 and AD using AES, as part of some
interop work I was doing with Samba4's Kerberos code.  I attach a patch
(not to be applied) to help demonstrate the problem.

In short, Samba3 must not blindly remove the fixed list of enc types
without performing extensive interop to ensure it works against all

I hope that before we get to that, we can start using GENSEC in the
whole tree, but I realise that may be a while off.

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Make-Samba3-use-AES-for-Kerberos.patch
Type: text/x-patch
Size: 2305 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090716/bc758bbc/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090716/bc758bbc/attachment.pgp>

More information about the samba-technical mailing list