Force NTLMv2 only on our server? (was: Re: krb5 vulnerability ?)

Jeremy Allison jra at
Tue Dec 15 19:12:27 UTC 2015

On Tue, Dec 15, 2015 at 08:26:50AM +0100, Andreas Schneider wrote:
> You are aware that Samba with Heimdal Kerberos does RC4 by default?
> We fixed serveral bugs (e.g. wrong saltPrincipal) in the Samba source code 
> because MIT Kerberos uses AES and Samba was not able to deal with it. It still 
> fails to do so without patches from my MIT Kerberos work in progress tree ...

The faster we get that code merged, the happier I will be :-).

More information about the samba-technical mailing list