Testing patch to enable AES in Samba3 Kerberos

Andrew Bartlett abartlet at samba.org
Wed Jul 15 18:17:32 MDT 2009


On Wed, 2009-07-15 at 16:58 -0700, Jeremy Allison wrote:
> On Thu, Jul 16, 2009 at 08:38:10AM +1000, Andrew Bartlett wrote:
> > I've been testing interop with Samba3 and AD using AES, as part of some
> > interop work I was doing with Samba4's Kerberos code.  I attach a patch
> > (not to be applied) to help demonstrate the problem.
> > 
> > In short, Samba3 must not blindly remove the fixed list of enc types
> > without performing extensive interop to ensure it works against all
> > servers.
> 
> So currently this code is preventing S3 client code
> from using AES, correct ? 

Yes.

> It's pretty old code, so
> we can probably work on updating it to be W2K8
> compatible.
> 
> Just want to clarify the problem.

No worries.  Have a good chat with me about it before you start hacking.

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090716/e5178f3b/attachment.pgp>


More information about the samba-technical mailing list