WHATSNEW: Document changes of trusted domains scanning and enterpise principals

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 23 10:46:22 UTC 2021 on sn-devel-184

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 5034de66ad991a05bb7c7bb4b68b6c4f22b381de..d8effc5ce0943d61c6fa9fff1ca130c5a3ae9b45 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -108,6 +108,17 @@ smbd:
 winbindd:
 --log-stdout  ->    --debug-stdout
 
+Scanning of trusted domains and enterpise principals
+----------------------------------------------------
+
+As an artifact from the NT4 times, we still scanned the list of trusted domains
+on winbindd startup. This is wrong as we never can get a full picture in Active
+Directory. It is time to change the default value to No. Also with this change
+we always use enterprise principals for Kerberos so that the DC will be able
+to redirect ticket requests to the right DC. This is e.g needed for one way
+trusts. The options `winbind use krb5 enterprise principals` and
+`winbind scan trusted domains` will be deprecated in one of the next releases.
+
 
 REMOVED FEATURES
 ================