Web lists-archives.com

Re: [Samba] Samba 4.8.10 for rhel7/centos7 rpms




On Mon, 08 Apr 2019 20:58:00 +0200
Andreas Schneider via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On Monday, April 8, 2019 7:36:40 PM CEST Alexander Bokovoy wrote:
> > On ma, 08 huhti 2019, vincent@xxxxxxxxxx wrote:  
> > > Adding Alexander (cc'ed, thank you)
> > > 
> > > Hi Sergio,
> > > I found some hints (dating back almost a year ago) about why
> > > gnutls-3.4 might be needed:
> > > https://lists.samba.org/archive/samba-technical/2018-April/127282.html
> > > 
> > > I don't know how much of this still holds true (I've been running
> > > an AD DC with rhel7's gnutls 3.3.z for over a year without
> > > apparent issues).  
> > 
> > Actually, you need Andreas, not me. ;)
> > 
> > Andreas is working on crypto unification and moves crypto
> > implementation to use standardized crypto libraries which have
> > better chances to pass audit and certifications. Over few releases,
> > gnutls has been improved to provide more and more of crypto
> > primitives used by Samba. This is where a requirement for newer
> > versions of gnutls comes from.  
> 
> Samba AD DC built with MIT Kerberos requires gnutls 3.4.7 for
> implement the crypt for the DCERPC backupkey service.
> 
> If you build Samba on your with Heimdal on your own, then is it works
> with older GnuTLS versions. However I wouldn't run Samba AD DC with
> Heimdal, the Samba copy is from 2011. Who knows what's in there ...
> 

Andreas, you have just written off every working Samba AD DC on the
planet!

Do you think it was wise to do this ?

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba