Force NTLMv2 only on our server? (was: Re: krb5 vulnerability ?)
jra at samba.org
Wed Dec 16 19:37:53 UTC 2015
On Tue, Dec 15, 2015 at 09:37:21PM +0100, Andreas Schneider wrote:
> On Tuesday 15 December 2015 11:12:27 Jeremy Allison wrote:
> > On Tue, Dec 15, 2015 at 08:26:50AM +0100, Andreas Schneider wrote:
> > > You are aware that Samba with Heimdal Kerberos does RC4 by default?
> > >
> > > We fixed serveral bugs (e.g. wrong saltPrincipal) in the Samba source code
> > > because MIT Kerberos uses AES and Samba was not able to deal with it. It
> > > still fails to do so without patches from my MIT Kerberos work in
> > > progress tree ...
> > The faster we get that code merged, the happier I will be :-).
> You can start to review the code. Nobody reviewed mit_samba and mit-kdb yet
I will try and get to this. My problem is I don't have a test
environment for it, but I can certainly review the raw patches.
More information about the samba-technical