Testing patch to enable AES in Samba3 Kerberos
Jeremy Allison
jra at samba.org
Thu Jul 16 10:28:29 MDT 2009
On Thu, Jul 16, 2009 at 10:17:32AM +1000, Andrew Bartlett wrote:
> On Wed, 2009-07-15 at 16:58 -0700, Jeremy Allison wrote:
> > On Thu, Jul 16, 2009 at 08:38:10AM +1000, Andrew Bartlett wrote:
> > > I've been testing interop with Samba3 and AD using AES, as part of some
> > > interop work I was doing with Samba4's Kerberos code. I attach a patch
> > > (not to be applied) to help demonstrate the problem.
> > >
> > > In short, Samba3 must not blindly remove the fixed list of enc types
> > > without performing extensive interop to ensure it works against all
> > > servers.
> >
> > So currently this code is preventing S3 client code
> > from using AES, correct ?
>
> Yes.
>
> > It's pretty old code, so
> > we can probably work on updating it to be W2K8
> > compatible.
> >
> > Just want to clarify the problem.
>
> No worries. Have a good chat with me about it before you start hacking.
Thanks, I'll definately bug you to learn what's going
on before I start messing with anything :-).
Cheers,
Jeremy.
More information about the samba-technical
mailing list