[Samba] Samba 4 and new Kerberos version
geza at kzsdabas.hu
Tue Feb 7 12:52:52 MST 2012
2012-02-07 16:07 keltezéssel, steve írta:
> On 07/02/12 12:01, Andrew Bartlett wrote:
>> On Tue, 2012-02-07 at 10:24 +0100, steve wrote:
>>> I just got this from the mit list:
>>> DES transition
>>> The krb5-1.8 release disables single-DES cryptosystems by default. As
>>> a result, you may need to add the libdefaults setting
>>> "allow_weak_crypto = true" to communicate with existing Kerberos
>>> infrastructures if they do not support stronger ciphers.
>>> Does/will this apply to us?
>> Heimdal did this a long time ago, so yes. If you wish to use DES, you
>> have to set that in your krb5.conf.
>> Andrew Bartlett
> I'm using S4 out of the box on openSUSE 12.1. All the Kerberos
> transactions seem to choose arcfour.
> Does the des stuff apply to me?
You need to enable weak crypto if you want to use kerberos with apps
which depends on des (e.g nfs, openafs).
More information about the samba