[PATCH] Patches come from Centrify Corp.
Dave Daugherty
dave.daugherty at centrify.com
Tue May 12 17:06:15 GMT 2009
We use a very heavily patched version of M.I.T. Kerberos 1.4.3.
I don't believe we had to make any changes to the Samba SMB packet
signing, but I will ask Weikuan to research this. If we find we missed
a patch we will submit it.
Dave Daugherty
Centrify Corp.
~~~~
On Behalf Of Stefan (metze) Metzmacher
Sent: Tuesday, May 12, 2009 7:03 AM
>> 2) clikrb5.c.patch, sasl.c.patch
>> Win2k8 encryption support, add AES into encryption list. Win2k8 uses
AES as the preferred encryption if it runs in win2k8 function level. If
we use `kinit administrator` to create kerberos cache first, and then
run `net ads user` without specifying the account explicitly, net
doesn't work. This patch resolves this.
>
> I would rather see us remove this entirely, and use the defaults.
Since
> we needed this, the Kerberos libs have impoved their defaults, and
> hopefully there are not too many brain-dead config files left around
We need to be very careful with this, as it changes the session key for
smb signing and I think samba3 needs a little bit of work to support
them.
metze
More information about the samba-technical
mailing list