Re: [Samba] Samba 4.8.10 for rhel7/centos7 rpms
- Date: Mon, 8 Apr 2019 20:16:33 +0100
- From: Rowland Penny via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba 4.8.10 for rhel7/centos7 rpms
On Mon, 08 Apr 2019 20:58:00 +0200
Andreas Schneider via samba <samba@xxxxxxxxxxxxxxx> wrote:
> On Monday, April 8, 2019 7:36:40 PM CEST Alexander Bokovoy wrote:
> > On ma, 08 huhti 2019, vincent@xxxxxxxxxx wrote:
> > > Adding Alexander (cc'ed, thank you)
> > >
> > > Hi Sergio,
> > > I found some hints (dating back almost a year ago) about why
> > > gnutls-3.4 might be needed:
> > > https://lists.samba.org/archive/samba-technical/2018-April/127282.html
> > >
> > > I don't know how much of this still holds true (I've been running
> > > an AD DC with rhel7's gnutls 3.3.z for over a year without
> > > apparent issues).
> > Actually, you need Andreas, not me. ;)
> > Andreas is working on crypto unification and moves crypto
> > implementation to use standardized crypto libraries which have
> > better chances to pass audit and certifications. Over few releases,
> > gnutls has been improved to provide more and more of crypto
> > primitives used by Samba. This is where a requirement for newer
> > versions of gnutls comes from.
> Samba AD DC built with MIT Kerberos requires gnutls 3.4.7 for
> implement the crypt for the DCERPC backupkey service.
> If you build Samba on your with Heimdal on your own, then is it works
> with older GnuTLS versions. However I wouldn't run Samba AD DC with
> Heimdal, the Samba copy is from 2011. Who knows what's in there ...
Andreas, you have just written off every working Samba AD DC on the
Do you think it was wise to do this ?
To unsubscribe from this list go to the following URL and read the