[Samba] Samba 4.8.10 for rhel7/centos7 rpms
Andreas Schneider
asn at samba.org
Mon Apr 8 18:58:00 UTC 2019
On Monday, April 8, 2019 7:36:40 PM CEST Alexander Bokovoy wrote:
> On ma, 08 huhti 2019, vincent at cojot.name wrote:
> > Adding Alexander (cc'ed, thank you)
> >
> > Hi Sergio,
> > I found some hints (dating back almost a year ago) about why gnutls-3.4
> > might be needed:
> > https://lists.samba.org/archive/samba-technical/2018-April/127282.html
> >
> > I don't know how much of this still holds true (I've been running an AD DC
> > with rhel7's gnutls 3.3.z for over a year without apparent issues).
>
> Actually, you need Andreas, not me. ;)
>
> Andreas is working on crypto unification and moves crypto implementation
> to use standardized crypto libraries which have better chances to pass
> audit and certifications. Over few releases, gnutls has been improved to
> provide more and more of crypto primitives used by Samba. This is where
> a requirement for newer versions of gnutls comes from.
Samba AD DC built with MIT Kerberos requires gnutls 3.4.7 for implement the
crypt for the DCERPC backupkey service.
If you build Samba on your with Heimdal on your own, then is it works with
older GnuTLS versions. However I wouldn't run Samba AD DC with Heimdal, the
Samba copy is from 2011. Who knows what's in there ...
Best regards,
Andreas
--
Andreas Schneider asn at samba.org
Samba Team www.samba.org
GPG-ID: 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
More information about the samba
mailing list