[Samba] Samba 4 and new Kerberos version

Gémes Géza geza at kzsdabas.hu
Tue Feb 7 12:52:52 MST 2012


2012-02-07 16:07 keltezéssel, steve írta:
> On 07/02/12 12:01, Andrew Bartlett wrote:
>> On Tue, 2012-02-07 at 10:24 +0100, steve wrote:
>>> I just got this from the mit list:
>>>
>>> <quote>
>>> DES transition
>>> ==============
>>>
>>> The krb5-1.8 release disables single-DES cryptosystems by default.  As
>>> a result, you may need to add the libdefaults setting
>>> "allow_weak_crypto = true" to communicate with existing Kerberos
>>> infrastructures if they do not support stronger ciphers.
>>>
>>> </quote>
>>>
>>> Does/will this apply to us?
>> Heimdal did this a long time ago, so yes.  If you wish to use DES, you
>> have to set that in your krb5.conf.
>>
>> Andrew Bartlett
>>
> Hi
> I'm using S4 out of the box on openSUSE 12.1. All the Kerberos
> transactions seem to choose arcfour.
> Does the des stuff apply to me?
> Thanks,
> Steve
>
Hi,
You need to enable weak crypto if you want to use kerberos with apps
which depends on des (e.g nfs, openafs).
Regards
Geza


More information about the samba mailing list