WHATSNEW: document kerberos encryption types

author Uri Simchoni <uri@samba.org>

Wed, 10 Aug 2016 05:38:30 +0000 (08:38 +0300)

committer Uri Simchoni <uri@samba.org>

Thu, 24 Nov 2016 15:31:19 +0000 (16:31 +0100)
author Uri Simchoni <uri@samba.org>
Wed, 10 Aug 2016 05:38:30 +0000 (08:38 +0300)
committer Uri Simchoni <uri@samba.org>
Thu, 24 Nov 2016 15:31:19 +0000 (16:31 +0100)
diff --git a/WHATSNEW.txt b/WHATSNEW.txt

index 6b96cae2ae2196ee370c2247973a3db2e93d0259..09f9384c60278c51360bde5fb62775b99369826b 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -16,6 +16,21 @@ UPGRADING
  NEW FEATURES/CHANGES
  ====================
  
+kerberos client encryption types
+--------------------------------
+Some parts of Samba (most notably winbindd) perform Kerberos client
+operations based on a Samba-generated krb5.conf file. A new
+parameter, "kerberos encryption types" allows configuring the
+encryption types set in this file, thereby allowing the user to
+enforce strong or legacy encryption in Kerberos exchanges.
+
+The default value of "all" is compatible with previous behavior, allowing
+all encryption algorithms to be negotiated. Setting the parameter to "strong"
+only allows AES-based algorithms to be negotiated. Setting the parameter to
+"legacy" allows only RC4-HMAC-MD5 - the legacy algorithm for Active Directory.
+This can solves some corner cases of mixed environments with Server 2003R2 and
+newer DCs.
+
  
  REMOVED FEATURES
  ================
@@ -26,6 +41,7 @@ smb.conf changes
  
    Parameter Name                Description             Default
    --------------                -----------             -------
+  kerberos encryption types     New                     all
  
  
  KNOWN ISSUES
author	Uri Simchoni <uri@samba.org>
	Wed, 10 Aug 2016 05:38:30 +0000 (08:38 +0300)
committer	Uri Simchoni <uri@samba.org>
	Thu, 24 Nov 2016 15:31:19 +0000 (16:31 +0100)