Serious Impact of NIST FDCC requirements
Jeremy Allison
jra at samba.org
Wed Jan 23 18:30:24 GMT 2008
On Wed, Jan 23, 2008 at 12:03:49PM -0500, Loyd Darby wrote:
> New requirements from Congress and the National Institute of standards
> is forcing us to reconsider our Samba domain because of the encryption
> requirements and signed communications.
>
> I have tried to work my way through Kerberos , server signing and all
> that but even though I am no rookie, it is beyond me.
>
> Is any one at Samba looking at this?
>
> Unless there is some one out there with the smarts to lead a way through
> this.
> Pretty much all US federal government agencies will have to abandon
> Samba and go down that other path.
>
> The root of all this evil can be found here :
> http://fdcc.nist.gov/
As a DC member we already support krb5 and signed communications,
as well as NTLMv2. As a PDC Samba3 can do NTLMv2 and signed
communications (and sealed RPC) but not krb5, you'd need to
use Samba4 as a PDC (not ready yet) to do krb5.
Samba 3.2 (under preparation) will add IPv6 support.
What are you missing ?
Jeremy.
More information about the samba-technical
mailing list