thr3ads.net - samba - [Samba] Samba 4 and new Kerberos version [Feb 2012]

If this information is useful, please help other people find it:
Share via:

steve

2012-Feb-07 09:24 UTC

[Samba] Samba 4 and new Kerberos version

I just got this from the mit list:

<quote>
DES transition
=============
The krb5-1.8 release disables single-DES cryptosystems by default.  As
a result, you may need to add the libdefaults setting
"allow_weak_crypto = true" to communicate with existing Kerberos
infrastructures if they do not support stronger ciphers.

</quote>

Does/will this apply to us?
Thanks,
Steve

Andrew Bartlett

2012-Feb-07 11:01 UTC

head link

[Samba] Samba 4 and new Kerberos version

On Tue, 2012-02-07 at 10:24 +0100, steve wrote:> I just got this from the mit list:
> 
> <quote>
> DES transition
> =============> 
> The krb5-1.8 release disables single-DES cryptosystems by default.  As
> a result, you may need to add the libdefaults setting
> "allow_weak_crypto = true" to communicate with existing Kerberos
> infrastructures if they do not support stronger ciphers.
> 
> </quote>
> 
> Does/will this apply to us?
Heimdal did this a long time ago, so yes.  If you wish to use DES, you
have to set that in your krb5.conf.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

samba - Feb 2012 - Samba 4 and new Kerberos version

[Samba] Samba 4 and new Kerberos version

[Samba] Samba 4 and new Kerberos version