[Pkg-samba-maint] Bug#566977: Bug#566977: Acknowledgement (samba-common-bin: 'net ads join' fails against Windows 2003 domain with 'Program lacks support for encryption type')
vorlon at debian.org
Wed Jan 27 20:50:50 UTC 2010
On Wed, Jan 27, 2010 at 02:47:05AM -0500, Etienne Goyer wrote:
> Steve Langasek wrote:
> > On Tue, Jan 26, 2010 at 11:00:28AM -0500, Etienne Goyer wrote:
> >> That sounds like a regression to me, if previously working setup are
> >> broken on update. Is there any way the behavior could be reversed to be
> >> backward-compatible?
> > It's a deliberate behavior change to disable weak encryption types by
> > default, so the only things broken are those that depend on weak encryption
> > types. You're welcome to try to persuade the Kerberos guys to revert
> > this...
> I do not see the point in trying; they must be aware of the consequence
> of that behavior change already. That being said, from the distribution
> point of view, would it be appropriate to take measure to ensure the
> user base is not left to figure out why their Kerberos authentication is
> broken on update by themselves?
Given that samba is using its own private krb5.conf for each domain trust, I
think it's appropriate for samba to either remove the dependency on
allow_weak_crypto or to include this setting in all its configs.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 828 bytes
Desc: Digital signature
More information about the Pkg-samba-maint