Web lists-archives.com

Re: [Samba] Samba 4 account with a 'ldbmodify-ed' password does not login into domain from a Windows 7 VM




On Wed, 2017-04-12 at 20:31 +0000, Leonardo Bruno Lopes wrote:
> Dean Andrew and List,
> 
> I posted here  
>  >>https://lists.samba.org/archive/samba/2017-April/207671.html<<;
> that  
> my problem was solved, but I have the following question:
> 
> What is the possible security issues that may come from removing
> the  
> 'supplementalCredentials' attribute?
> 
> Thanks,
> Leonardo

The KDC will no longer be able to issue AES encrypted tickets, just as
if you had just upgraded from a NT4-like/classic Samba domain.

Otherwise nothing too drastic at this time, but we might start storing
more information there in the future, which is why this is an internal
control not really intended for external use. 

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba