The Samba-Bugzilla – Attachment 18068 Details for
Bug 15457
WHATSNEW for RBCD in Samba AD with Heimdal
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
WHATSNEW Update (v2)
0001-WHATSNEW-Add-Resource-Based-Constrained-Delegation-R.patch (text/plain), 1.85 KB, created by
Andrew Bartlett
on 2023-08-24 23:21:11 UTC
(
hide
)
Description:
WHATSNEW Update (v2)
Filename:
MIME Type:
Creator:
Andrew Bartlett
Created:
2023-08-24 23:21:11 UTC
Size:
1.85 KB
patch
obsolete
>From 56ba30c19059b5d9ee33fac0e95a82aec385f7a3 Mon Sep 17 00:00:00 2001 >From: Andrew Bartlett <abartlet@samba.org> >Date: Thu, 24 Aug 2023 19:09:25 +1200 >Subject: [PATCH] WHATSNEW: Add Resource Based Constrained Delegation (RBCD) > feature for Heimdal > >This landed in master as 34760dfc89e879a889d64b48c606ccbaf10e8ba3. > >(This text based strongly on e25d6c89bef298ac8cd8c2fb7b49f6cbd4e05ba5 >and b3e043276017c6323afa681df9154df9a4292bd1 in Samba 4.17's WHATSNEW) > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15457 > >Signed-off-by: Andrew Bartlett <abartlet@samba.org> >--- > WHATSNEW.txt | 17 +++++++++++++++++ > 1 file changed, 17 insertions(+) > >diff --git a/WHATSNEW.txt b/WHATSNEW.txt >index d4315046af4..54c59442461 100644 >--- a/WHATSNEW.txt >+++ b/WHATSNEW.txt >@@ -135,6 +135,23 @@ member server's own domain, to only consume a header and 4 bytes per > group in the PAC, not a full-length SID worth of space each. This is > known as "Resource SID compression". > >+Resource Based Constrained Delegation (RBCD) support in both MIT and Heimdal >+----------------------------------------------------------------------------- >+ >+Samba AD DC built with MIT Kerberos (1.20 and later) has offered RBCD >+support since Samba 4.17. Samba 4.19 brings this feature to the >+default Heimdal KDC. >+ >+Samba 4.17 added to samba-tool delegation the 'add-principal' and >+'del-principal' subcommands in order to manage RBCD, and the database >+changes made by these tools are now honoured by the Heimdal KDC once >+Samba is upgraded. >+ >+Likewise, now both MIT (1.20 and later) and Heimdal KDCs add the >+Asserted Identity [1] SID into the PAC for constrained delegation. >+ >+[1] https://docs.microsoft.com/en-us/windows-server/security/kerberos/kerberos-constrained-delegation-overview >+ > New samba-tool support for silos, claims, sites and subnets. > ------------------------------------------------------------ > >-- >2.25.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=18068">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
jsutton
:
review+
Actions:
View
Attachments on
bug 15457
:
18065
| 18068