[PATCH] Patches come from Centrify Corp.

Dave Daugherty dave.daugherty at centrify.com
Tue May 12 17:06:15 GMT 2009


We use a very heavily patched version of M.I.T. Kerberos 1.4.3. 
I don't believe we had to make any changes to the Samba SMB packet
signing, but I will ask Weikuan to research this.  If we find we missed
a patch we will submit it.

Dave Daugherty
Centrify Corp.


~~~~
On Behalf Of Stefan (metze) Metzmacher
Sent: Tuesday, May 12, 2009 7:03 AM

>> 2) clikrb5.c.patch, sasl.c.patch
>> Win2k8 encryption support, add AES into encryption list. Win2k8 uses
>> AES as the preferred encryption if it runs in win2k8 function level.  If
>> we use `kinit administrator` to create kerberos cache first, and then
>> run `net ads user` without specifying the account explicitly,  net
>> doesn't work. This patch resolves this.
> 
> I would rather see us remove this entirely, and use the defaults. Since
> we needed this, the Kerberos libs have improved their defaults, and
> hopefully there are not too many brain-dead config files left around

We need to be very careful with this, as it changes the session key for
smb signing and I think samba3 needs a little bit of work to support
them.

metze


