Bug 15635 - Do not fail PAC validation for RFC8009 checksums types
Summary: Do not fail PAC validation for RFC8009 checksums types
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.20.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jule Anger
QA Contact: Samba QA Contact
Depends on:
Reported: 2024-04-16 07:24 UTC by Andreas Schneider
Modified: 2024-05-08 08:06 UTC (History)
2 users (show)

See Also:

patch for 4.20 (4.81 KB, patch)
2024-04-16 07:25 UTC, Andreas Schneider
ab: review+

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schneider 2024-04-16 07:24:07 UTC
While Active Directory does not support yet RFC 8009 encryption and checksum types, it is possible to verify these checksums when running with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA domain controller which uses them by default.
Comment 1 Andreas Schneider 2024-04-16 07:25:23 UTC
Created attachment 18287 [details]
patch for 4.20
Comment 2 Alexander Bokovoy 2024-04-16 07:26:33 UTC
Comment on attachment 18287 [details]
patch for 4.20

Comment 3 Andreas Schneider 2024-04-16 08:30:17 UTC
Jule, please include the patch in 4.20. Thanks!
Comment 4 Jule Anger 2024-04-16 08:40:20 UTC
Pushed to autobuild-v4-20-test.
Comment 5 Samba QA Contact 2024-04-16 12:25:11 UTC
This bug was referenced in samba v4-20-test:

Comment 6 Jule Anger 2024-04-16 12:31:08 UTC
Closing out bug report.

Comment 7 Samba QA Contact 2024-05-08 08:06:58 UTC
This bug was referenced in samba v4-20-stable (Release samba-4.20.1):