Force NTLMv2 only on our server? (was: Re: krb5 vulnerability ?)
Jeremy Allison
jra at samba.org
Wed Dec 16 19:37:53 UTC 2015
On Tue, Dec 15, 2015 at 09:37:21PM +0100, Andreas Schneider wrote:
> On Tuesday 15 December 2015 11:12:27 Jeremy Allison wrote:
> > On Tue, Dec 15, 2015 at 08:26:50AM +0100, Andreas Schneider wrote:
> > > You are aware that Samba with Heimdal Kerberos does RC4 by default?
> > >
> > > We fixed serveral bugs (e.g. wrong saltPrincipal) in the Samba source code
> > > because MIT Kerberos uses AES and Samba was not able to deal with it. It
> > > still fails to do so without patches from my MIT Kerberos work in
> > > progress tree ...
> > The faster we get that code merged, the happier I will be :-).
>
> You can start to review the code. Nobody reviewed mit_samba and mit-kdb yet
> ...
>
> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master-mit-kdc
I will try and get to this. My problem is I don't have a test
environment for it, but I can certainly review the raw patches.
More information about the samba-technical
mailing list