Re: [Samba] Samba 4.8.10 for rhel7/centos7 rpms
- Date: Mon, 08 Apr 2019 20:58:00 +0200
- From: Andreas Schneider via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba 4.8.10 for rhel7/centos7 rpms
On Monday, April 8, 2019 7:36:40 PM CEST Alexander Bokovoy wrote:
> On ma, 08 huhti 2019, vincent@xxxxxxxxxx wrote:
> > Adding Alexander (cc'ed, thank you)
> > Hi Sergio,
> > I found some hints (dating back almost a year ago) about why gnutls-3.4
> > might be needed:
> > https://lists.samba.org/archive/samba-technical/2018-April/127282.html
> > I don't know how much of this still holds true (I've been running an AD DC
> > with rhel7's gnutls 3.3.z for over a year without apparent issues).
> Actually, you need Andreas, not me. ;)
> Andreas is working on crypto unification and moves crypto implementation
> to use standardized crypto libraries which have better chances to pass
> audit and certifications. Over few releases, gnutls has been improved to
> provide more and more of crypto primitives used by Samba. This is where
> a requirement for newer versions of gnutls comes from.
Samba AD DC built with MIT Kerberos requires gnutls 3.4.7 for implement the
crypt for the DCERPC backupkey service.
If you build Samba on your with Heimdal on your own, then is it works with
older GnuTLS versions. However I wouldn't run Samba AD DC with Heimdal, the
Samba copy is from 2011. Who knows what's in there ...
Andreas Schneider asn@xxxxxxxxx
Samba Team www.samba.org
To unsubscribe from this list go to the following URL and read the