Update WHATSNEW for Certificate Auto Enrollment

author David Mulder <dmulder@suse.com>

Mon, 12 Jul 2021 21:18:04 +0000 (15:18 -0600)

committer Jeremy Allison <jra@samba.org>

Thu, 15 Jul 2021 20:03:45 +0000 (20:03 +0000)
author David Mulder <dmulder@suse.com>
Mon, 12 Jul 2021 21:18:04 +0000 (15:18 -0600)
committer Jeremy Allison <jra@samba.org>
Thu, 15 Jul 2021 20:03:45 +0000 (20:03 +0000)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt

index f3db6341e062f71b28ec81744dd623dae1090dd4..fe9eff8ba591b426204bf58f56a3472c121d1357 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -16,6 +16,19 @@ UPGRADING
  NEW FEATURES/CHANGES
  ====================
  
+Certificate Auto Enrollment
+---------------------------
+
+Certificate Auto Enrollment allows devices to enroll for certificates from
+Active Directory Certificate Services. It is enabled by Group Policy.
+To enable Certificate Auto Enrollment, Samba's group policy will need to be
+enabled by setting the smb.conf option `apply group policies` to Yes. Samba
+Certificate Auto Enrollment depends on certmonger, the cepces certmonger
+plugin, and sscep. Samba uses sscep to download the CA root chain, then uses
+certmonger paired with cepces to monitor the host certificate templates.
+Certificates are installed in /var/lib/samba/certs and private keys are
+installed in /var/lib/samba/private/certs.
+
  
  REMOVED FEATURES
  ================
author	David Mulder <dmulder@suse.com>
	Mon, 12 Jul 2021 21:18:04 +0000 (15:18 -0600)
committer	Jeremy Allison <jra@samba.org>
	Thu, 15 Jul 2021 20:03:45 +0000 (20:03 +0000)