Commit 46a7952

jsutton24 authored and douglasbagnall committed
CVE-2026-20833: WHATSNEW: Document new default for ‘kdc default domain supported enctypes’

Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Feb 18 01:52:23 UTC 2026 on atb-devel-224

1 parent 802649f commit 46a7952

1 file changed

+8
-0
lines changed

WHATSNEW.txt

Lines changed: 8 additions & 0 deletions
@@ -22,6 +22,13 @@ JSON Audit logging
2222
The two leading spaces before the opening '{' on JSON audit log lines have been
2323
removed. And any embedded new line characters '\n' are converted to spaces.
2424

25+
Domain encryption types changed to AES by default
26+
-------------------------------------------------
27+
28+
The default value of the smb.conf option ‘kdc default domain supported enctypes’
29+
now corresponds to ‘aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96’ (both AES
30+
encryption types) if the domain functional level is 2008 or higher. This
31+
addresses CVE-2026-20833.
2532

2633
REMOVED FEATURES
2734
================
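
Review bot: the new "Domain encryption types changed to AES by default" section states the default only for a domain functional level of 2008 or higher; it does not say what the default is below that level or what the previous default was. An administrator reading this cannot tell what changed for their domain, or which value to set explicitly in smb.conf if some accounts still need the old behaviour during a transition. Suggest adding one sentence that gives the previous default and the behaviour below functional level 2008, plus a short phrase saying what CVE-2026-20833 concerns rather than only its identifier. As a style point, the option name and values are wrapped in typographic quotes (‘…’) while the context lines just above use ASCII quotes ('{', '\n'); ASCII quotes would keep the file consistent and make the option name safe to copy into a configuration file.
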
@@ -32,6 +39,7 @@ smb.conf changes
3239

3340
Parameter Name Description Default
3441
-------------- ----------- -------
42+
kdc default domain supported enctypes New default AES encryption types (if supported by domain)
3543

3644

3745
KNOWN ISSUES
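
Review bot: the added row in the smb.conf changes table gives the condition as "(if supported by domain)", which is looser than the "if the domain functional level is 2008 or higher" wording used in the new section earlier in the file. Suggest using the same condition in both places so readers do not take them for two different rules. The Default column also says only "AES encryption types"; naming the two enctypes as the section does, or pointing to that section, would let someone scanning only the table see the actual value.
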