
Re: [Samba] Samba 4.8.10 for rhel7/centos7 rpms

On Monday, April 8, 2019 7:36:40 PM CEST Alexander Bokovoy wrote:
> On ma, 08 huhti 2019, vincent@xxxxxxxxxx wrote:
> > Adding Alexander (cc'ed, thank you)
> > 
> > Hi Sergio,
> > I found some hints (dating back almost a year ago) about why gnutls-3.4
> > might be needed:
> > https://lists.samba.org/archive/samba-technical/2018-April/127282.html
> > 
> > I don't know how much of this still holds true (I've been running an AD DC
> > with rhel7's gnutls 3.3.z for over a year without apparent issues).
> Actually, you need Andreas, not me. ;)
> Andreas is working on crypto unification and is moving the crypto
> implementation to use standardized crypto libraries which have better
> chances to pass audit and certifications. Over a few releases, gnutls has
> been improved to provide more and more of the crypto primitives used by
> Samba. This is where a requirement for newer versions of gnutls comes from.

Samba AD DC built with MIT Kerberos requires gnutls 3.4.7 to implement the
crypto for the DCERPC backupkey service.

If you build Samba with Heimdal on your own, then it works with
older GnuTLS versions. However, I wouldn't run Samba AD DC with Heimdal; the
Samba copy is from 2011. Who knows what's in there ...

Best regards,


Andreas Schneider                      asn@xxxxxxxxx
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
