Force NTLMv2 only on our server? (was: Re: krb5 vulnerability ?)

Andreas Schneider asn at
Tue Dec 15 20:37:21 UTC 2015

On Tuesday 15 December 2015 11:12:27 Jeremy Allison wrote:
> On Tue, Dec 15, 2015 at 08:26:50AM +0100, Andreas Schneider wrote:
> > You are aware that Samba with Heimdal Kerberos does RC4 by default?
> > 
> > We fixed serveral bugs (e.g. wrong saltPrincipal) in the Samba source code
> > because MIT Kerberos uses AES and Samba was not able to deal with it. It
> > still fails to do so without patches from my MIT Kerberos work in
> > progress tree ...
> The faster we get that code merged, the happier I will be :-).

You can start to review the code. Nobody reviewed mit_samba and mit-kdb yet 

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at

More information about the samba-technical mailing list