Force NTLMv2 only on our server? (was: Re: krb5 vulnerability ?)
Andreas Schneider
asn at samba.org
Tue Dec 15 20:37:21 UTC 2015
On Tuesday 15 December 2015 11:12:27 Jeremy Allison wrote:
> On Tue, Dec 15, 2015 at 08:26:50AM +0100, Andreas Schneider wrote:
> > You are aware that Samba with Heimdal Kerberos does RC4 by default?
> >
> > We fixed serveral bugs (e.g. wrong saltPrincipal) in the Samba source code
> > because MIT Kerberos uses AES and Samba was not able to deal with it. It
> > still fails to do so without patches from my MIT Kerberos work in
> > progress tree ...
> The faster we get that code merged, the happier I will be :-).
You can start to review the code. Nobody reviewed mit_samba and mit-kdb yet
...
https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-mit-kdc
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list