13135 – The KDC logic arround msDs-supportedEncryptionTypes differs from Windows

Bug 13135 - The KDC logic arround msDs-supportedEncryptionTypes differs from Windows

Summary: The KDC logic arround msDs-supportedEncryptionTypes differs from Windows

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.7.0
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Stefan Metzmacher
QA Contact:	Samba QA Contact

URL:	https://gitlab.com/samba-team/samba/-...
Keywords:

Depends on:	14354
Blocks:
	Show dependency tree / graph

Reported:	2017-11-14 15:15 UTC by Stefan Metzmacher
Modified:	2022-12-16 11:56 UTC (History)
CC List:	4 users (show)

See Also:	14354 15048

Attachments
Work in progress patches (14.24 KB, patch) 2017-12-13 13:03 UTC, Stefan Metzmacher	no flags	Details
Work in progress for master (14.35 KB, patch) 2020-02-03 11:01 UTC, Stefan Metzmacher	no flags	Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Stefan Metzmacher 2017-11-14 15:15:01 UTC

It seems this attribute is only evaluated for objects with objectClass=computer
and not for normal accounts.

The presence of a supported encryption type should also have some meaning if
a key for that type is not yet stored in the database.

But the KDC should notice support for new encryption types and use
that for session keys.

Comment 1 Stefan Metzmacher 2017-12-13 13:03:06 UTC

Created attachment 13866 [details]
Work in progress patches

Comment 2 Stefan Metzmacher 2020-02-03 11:01:37 UTC

Created attachment 15761 [details]
Work in progress for master

Comment 3 Andrew Bartlett 2020-04-28 09:03:21 UTC

I like our current behaviour where we have a way to control what encryption types are available.  Otherwise we have no way to, per user, control the encryption types.

Comment 4 Stefan Metzmacher 2022-03-25 12:33:46 UTC

Comment on attachment 15761 [details]
Work in progress for master

The current patches are on https://gitlab.com/samba-team/samba/-/merge_requests/2459

Comment 5 Samba QA Contact 2022-12-13 14:07:05 UTC

This bug was referenced in samba master:

d7ea197ed1a9903f601030e6466cc822f9b8f794
1dfa91682efd3b12d7d6af75287efb12ebd9e526
fde745ec3491a4fd7b23e053a67093a2ccaf0905

Comment 6 Samba QA Contact 2022-12-14 10:31:31 UTC

This bug was referenced in samba v4-15-test:

527a164b410f87c6f2a9b508d8261214819f8ef3
1815d339417261605820cb17f240c75fae01289a
ee9ffe50e99d2778d0d17fb65d6b27911d211f91

Comment 7 Samba QA Contact 2022-12-14 11:34:05 UTC

This bug was referenced in samba v4-16-test:

ec1a2225a0f73f81c46530203775fd5ac703858a
c8afae7869a8aa53da90bf1748eb8ce2e8d763aa
906dbd0a4bdc89d14c971c1bd4e6c3059eefb2c6

Comment 8 Samba QA Contact 2022-12-14 12:41:04 UTC

This bug was referenced in samba v4-17-test:

42c12b8c36d6466cae5197b84650a27944e059cd
8273935239846045477f99f7dd655d9d37c8c43e
2d1f56c67e604288939f1dba0d8b338fbaedd5a9

Comment 9 Samba QA Contact 2022-12-15 16:31:13 UTC

This bug was referenced in samba v4-15-stable (Release samba-4.15.13):

527a164b410f87c6f2a9b508d8261214819f8ef3
1815d339417261605820cb17f240c75fae01289a
ee9ffe50e99d2778d0d17fb65d6b27911d211f91

Comment 10 Samba QA Contact 2022-12-15 16:33:02 UTC

This bug was referenced in samba v4-17-stable (Release samba-4.17.4):

42c12b8c36d6466cae5197b84650a27944e059cd
8273935239846045477f99f7dd655d9d37c8c43e
2d1f56c67e604288939f1dba0d8b338fbaedd5a9

Comment 11 Samba QA Contact 2022-12-15 16:36:09 UTC

This bug was referenced in samba v4-16-stable (Release samba-4.16.8):

ec1a2225a0f73f81c46530203775fd5ac703858a
c8afae7869a8aa53da90bf1748eb8ce2e8d763aa
906dbd0a4bdc89d14c971c1bd4e6c3059eefb2c6