[Samba] Samba 4 and new Kerberos version

Andrew Bartlett abartlet at samba.org
Tue Feb 7 04:01:14 MST 2012

On Tue, 2012-02-07 at 10:24 +0100, steve wrote:
> I just got this from the mit list:
> <quote>
> DES transition
> ==============
> The krb5-1.8 release disables single-DES cryptosystems by default.  As
> a result, you may need to add the libdefaults setting
> "allow_weak_crypto = true" to communicate with existing Kerberos
> infrastructures if they do not support stronger ciphers.
> </quote>
> Does/will this apply to us?

Heimdal did this a long time ago, so yes.  If you wish to use DES, you
have to set that in your krb5.conf.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba mailing list