[Samba] Samba 4 and new Kerberos version

Andrew Bartlett abartlet at samba.org
Tue Feb 7 04:01:14 MST 2012


On Tue, 2012-02-07 at 10:24 +0100, steve wrote:
> I just got this from the mit list:
> 
> <quote>
> DES transition
> ==============
> 
> The krb5-1.8 release disables single-DES cryptosystems by default.  As
> a result, you may need to add the libdefaults setting
> "allow_weak_crypto = true" to communicate with existing Kerberos
> infrastructures if they do not support stronger ciphers.
> 
> </quote>
> 
> Does/will this apply to us?

Heimdal did this a long time ago, so yes.  If you wish to use DES, you
have to set that in your krb5.conf.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org



More information about the samba mailing list