>From 6d4c90d299570ea22cea0dac3b7b6570bc111dc6 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 14 Jun 2011 22:04:11 +1000
Subject: [PATCH] s3-WHATSNEW 3.5.9 Add information on kerberos change

---
 WHATSNEW.txt |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index f9b4a46..5da7d3c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -11,7 +11,21 @@ Major enhancements in Samba 3.5.9 include:
 o  Sgid bit lost on folder rename (bug #7996).
 o  ACL can get lost when files are being renamed (bug #7987).
 o  Respect "allow trusted domains = no" in Winbind (bug #6966).
+o  Samba now follows windows behaviour as a kerberos client,
+requesting a CIFS/ ticket (bug 7893)
 
+New Kerberos behaviour
+----------------------
+
+A new parameter 'client use spnego principal' defaults to 'no' and
+mean Samba will use CIFS/hostname to obtain a kerberos ticket, acting
+more like Windows when using Kerberos against a CIFS server in
+smbclient, winbind and other Samba client tools.  This will change
+which servers we will successfully negotiate kerberos connections to.
+This is due to Samba no longer trusting a server-provided hint which
+is not available from Windows 2008 or later.  For correct operation
+with all clients, all aliases for a server should be recorded as a as
+a servicePrincipalName on the server's record in AD.
 
 Changes since 3.5.8:
 --------------------
-- 
1.7.5.2