From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 6 Nov 2018 00:40:48 +0000 (+1300)
Subject: CVE-2018-16853 WHATSNEW: The Samba AD DC, when build with MIT Kerberos is experimental
X-Git-Tag: tdb-1.3.17~598
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c5370a4349d381ba3b64b063dc28a2c54cfacdfc;p=thirdparty%2Fsamba.git

CVE-2018-16853 WHATSNEW: The Samba AD DC, when build with MIT Kerberos is experimental

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
---

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index fc43edc8e86..23a88c295b5 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -78,6 +78,17 @@ Using the default sequence the restart delays (in seconds) are:
 REMOVED FEATURES
 ================
 
+MIT Kerberos build of the AD DC
+-------------------------------
+
+While not removed, the MIT Kerberos build of the Samba AD DC is still
+considered experimental.  Because Samba will not issue security
+patches for this configuration, such builds now require the explicit
+configure option: --with-experimental-mit-ad-dc
+
+For further details see
+https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
+
 samba_backup
 ------------