Testing patch to enable AES in Samba3 Kerberos
Andrew Bartlett
abartlet at samba.org
Wed Jul 15 18:17:32 MDT 2009
On Wed, 2009-07-15 at 16:58 -0700, Jeremy Allison wrote:
> On Thu, Jul 16, 2009 at 08:38:10AM +1000, Andrew Bartlett wrote:
> > I've been testing interop with Samba3 and AD using AES, as part of some
> > interop work I was doing with Samba4's Kerberos code. I attach a patch
> > (not to be applied) to help demonstrate the problem.
> >
> > In short, Samba3 must not blindly remove the fixed list of enc types
> > without performing extensive interop to ensure it works against all
> > servers.
>
> So currently this code is preventing S3 client code
> from using AES, correct ?
Yes.
> It's pretty old code, so
> we can probably work on updating it to be W2K8
> compatible.
>
> Just want to clarify the problem.
No worries. Have a good chat with me about it before you start hacking.
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090716/e5178f3b/attachment.pgp>
More information about the samba-technical
mailing list